openEuler 20.03 LTS SP4 update for kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 74 |
| CVE-ID | CVE-2021-47239 CVE-2021-47265 CVE-2021-47275 CVE-2021-47277 CVE-2021-47297 CVE-2021-47314 CVE-2021-47323 CVE-2021-47330 CVE-2021-47350 CVE-2021-47353 CVE-2021-47355 CVE-2021-47356 CVE-2021-47357 CVE-2021-47361 CVE-2021-47362 CVE-2021-47388 CVE-2021-47395 CVE-2021-47397 CVE-2021-47401 CVE-2021-47404 CVE-2021-47405 CVE-2021-47408 CVE-2021-47423 CVE-2021-47427 CVE-2021-47438 CVE-2021-47442 CVE-2021-47443 CVE-2021-47445 CVE-2021-47458 CVE-2021-47459 CVE-2021-47475 CVE-2021-47477 CVE-2021-47495 CVE-2021-47545 CVE-2021-47548 CVE-2021-47549 CVE-2021-47559 CVE-2022-48708 CVE-2023-52669 CVE-2023-52693 CVE-2023-52699 CVE-2023-52703 CVE-2023-52750 CVE-2023-52752 CVE-2023-52759 CVE-2023-52789 CVE-2023-52796 CVE-2023-52799 CVE-2023-52802 CVE-2023-52804 CVE-2023-52805 CVE-2023-52809 CVE-2023-52819 CVE-2023-52831 CVE-2023-52832 CVE-2023-52845 CVE-2023-52878 CVE-2024-26934 CVE-2024-27020 CVE-2024-27399 CVE-2024-27401 CVE-2024-35789 CVE-2024-35808 CVE-2024-35822 CVE-2024-35823 CVE-2024-35877 CVE-2024-35904 CVE-2024-35925 CVE-2024-35960 CVE-2024-35978 CVE-2024-35995 CVE-2024-36004 CVE-2024-36015 CVE-2024-36940 |
| CWE-ID | CWE-401 CWE-20 CWE-476 CWE-125 CWE-908 CWE-200 CWE-416 CWE-667 CWE-388 CWE-399 CWE-119 CWE-617 CWE-190 CWE-366 CWE-369 CWE-665 CWE-252 CWE-415 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 74 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU89949
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47239
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() and smsc75xx_unbind() functions in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU93174
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU93052
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47275
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cached_dev_cache_miss() function in drivers/md/bcache/request.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU90296
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47277
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/kvm_host.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU90870
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47297
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the caif_seqpkt_sendmsg() function in net/caif/caif_socket.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU91334
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47314
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_remove() and fsl_ifc_ctrl_probe() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90101
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47323
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sc520_wdt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU89960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47330
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU91509
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47350
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bad_kernel_fault() function in arch/powerpc/mm/fault.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90500
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47353
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90133
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47355
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nicstar_cleanup() function in drivers/atm/nicstar.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU90134
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47356
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90135
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47357
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ia_module_exit() function in drivers/atm/iphase.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper error handling
EUVDB-ID: #VU90939
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47361
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mcb_alloc_bus() function in drivers/mcb/mcb-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90498
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47362
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the si_dpm_enable() function in drivers/gpu/drm/amd/pm/powerplay/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU90140
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47388
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_crypto_ccmp_decrypt() and ieee80211_crypto_gcmp_decrypt() functions in net/mac80211/wpa.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Resource management error
EUVDB-ID: #VU93467
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47395
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_parse_tx_radiotap() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU92066
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47397
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_rcv_ootb() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU91624
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47401
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipoctal_inst_slot() and __ipoctal_remove() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU90298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47404
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory leak
EUVDB-ID: #VU89966
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47405
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU91511
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47408
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), get_next_corpse(), nf_ct_iterate_cleanup() and nf_conntrack_hash_resize() functions in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Memory leak
EUVDB-ID: #VU89971
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47423
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/gpu/drm/nouveau/nouveau_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU91057
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47427
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsi_eh_abort() function in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Memory leak
EUVDB-ID: #VU89935
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47438
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Memory leak
EUVDB-ID: #VU89936
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47442
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the digital_in_send_sdd_req() function in net/nfc/digital_technology.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Memory leak
EUVDB-ID: #VU89937
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47443
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the digital_tg_configure_hw() and digital_tg_listen_mdaa() functions in net/nfc/digital_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU90407
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47445
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_edp_ctrl_power() and msm_edp_ctrl_init() functions in drivers/gpu/drm/msm/edp/edp_ctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Buffer overflow
EUVDB-ID: #VU91306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47458
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ocfs2_initialize_super() function in fs/ocfs2/super.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU90061
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47459
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU90836
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47475
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the IC3_VERSION BIT() and vmk80xx_alloc_usb_buffers() functions in drivers/staging/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Information disclosure
EUVDB-ID: #VU91330
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47477
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dt9812_read_info(), dt9812_read_multiple_registers(), dt9812_write_multiple_registers() and dt9812_rmw_multiple_registers() functions in drivers/staging/comedi/drivers/dt9812.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU90852
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU89930
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47545
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fmt_free(), perf_hpp__init() and perf_hpp_list__prepend_sort_field() functions in tools/perf/ui/hist.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Buffer overflow
EUVDB-ID: #VU92060
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47548
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hns_dsaf_ge_srst_by_port() function in drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU90056
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47549
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sata_fsl_init_controller() and sata_fsl_remove() functions in drivers/ata/sata_fsl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU90532
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47559
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_link_down_work() and smc_vlan_by_tcpsk() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU91227
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48708
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU91423
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use of uninitialized resource
EUVDB-ID: #VU91678
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU90751
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52699
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use of uninitialized resource
EUVDB-ID: #VU91676
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52703
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kalmia_send_init_packet() function in drivers/net/usb/kalmia.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper error handling
EUVDB-ID: #VU90935
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52750
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/Kconfig. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Reachable Assertion
EUVDB-ID: #VU90905
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52759
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU90421
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52789
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper locking
EUVDB-ID: #VU91506
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52796
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Out-of-bounds read
EUVDB-ID: #VU90281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52799
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU90536
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52802
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_adc_probe() function in drivers/iio/adc/stm32-adc-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU90284
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU90283
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diInitInode() and diAlloc() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU90419
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU90288
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper error handling
EUVDB-ID: #VU90934
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52831
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cpu_down_maps_locked() function in kernel/cpu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Integer overflow
EUVDB-ID: #VU91425
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use of uninitialized resource
EUVDB-ID: #VU90867
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52845
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU91083
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52878
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU90167
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU90754
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35808
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper locking
EUVDB-ID: #VU93464
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Buffer overflow
EUVDB-ID: #VU93153
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35823
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Memory leak
EUVDB-ID: #VU91638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35877
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) NULL pointer dereference
EUVDB-ID: #VU93461
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Division by zero
EUVDB-ID: #VU91373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35925
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper Initialization
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Memory leak
EUVDB-ID: #VU89973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU92955
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the show_cppc_data(), acpi_cppc_processor_probe(), cpc_read() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debuginfo: before 4.19.90-2406.1.0.0279
perf: before 4.19.90-2406.1.0.0279
perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-devel: before 4.19.90-2406.1.0.0279
bpftool-debuginfo: before 4.19.90-2406.1.0.0279
kernel-debugsource: before 4.19.90-2406.1.0.0279
python3-perf: before 4.19.90-2406.1.0.0279
kernel-source: before 4.19.90-2406.1.0.0279
bpftool: before 4.19.90-2406.1.0.0279
kernel-devel: before 4.19.90-2406.1.0.0279
kernel-tools: before 4.19.90-2406.1.0.0279
python2-perf-debuginfo: before 4.19.90-2406.1.0.0279
kernel-tools-debuginfo: before 4.19.90-2406.1.0.0279
python2-perf: before 4.19.90-2406.1.0.0279
kernel: before 4.19.90-2406.1.0.0279
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1692
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
