openEuler 22.03 LTS SP1 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 55 |
| CVE-ID | CVE-2021-47370 CVE-2021-47489 CVE-2022-48689 CVE-2023-52654 CVE-2023-52655 CVE-2023-52669 CVE-2023-52699 CVE-2023-52703 CVE-2023-52730 CVE-2023-52735 CVE-2023-52736 CVE-2023-52750 CVE-2023-52752 CVE-2023-52759 CVE-2023-52774 CVE-2023-52789 CVE-2023-52795 CVE-2023-52802 CVE-2023-52804 CVE-2023-52805 CVE-2023-52808 CVE-2023-52814 CVE-2023-52818 CVE-2023-52819 CVE-2023-52826 CVE-2023-52832 CVE-2023-52836 CVE-2023-52845 CVE-2023-52858 CVE-2023-52859 CVE-2023-52864 CVE-2023-52871 CVE-2023-52878 CVE-2024-26833 CVE-2024-26877 CVE-2024-26934 CVE-2024-27020 CVE-2024-27401 CVE-2024-27413 CVE-2024-35822 CVE-2024-35823 CVE-2024-35840 CVE-2024-35877 CVE-2024-35939 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35978 CVE-2024-35984 CVE-2024-35995 CVE-2024-36000 CVE-2024-36015 CVE-2024-36940 CVE-2021-42327 |
| CWE-ID | CWE-399 CWE-125 CWE-366 CWE-119 CWE-667 CWE-908 CWE-200 CWE-401 CWE-476 CWE-388 CWE-416 CWE-617 CWE-415 CWE-190 CWE-665 CWE-252 CWE-787 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system perf-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 55 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47370
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_sendmsg_frag() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU91082
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47489
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dp_phy_settings_write(), dp_phy_test_pattern_debugfs_write(), dp_dsc_passthrough_set(), trigger_hotplug(), dp_dsc_clock_en_write(), dp_dsc_slice_width_write(), dp_dsc_slice_height_write(), dp_dsc_bits_per_pixel_write() and dp_max_bpc_write() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition within a thread
EUVDB-ID: #VU91430
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48689
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the skb_frag_size_add() function in net/ipv4/tcp.c, within the __zerocopy_sg_from_iter() function in net/core/datagram.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU93257
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52654
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the scm_fp_copy() function in net/core/scm.c, within the io_finish_async() and io_sqe_files_register() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU93242
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52655
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU91423
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU90751
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52699
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of uninitialized resource
EUVDB-ID: #VU91676
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52703
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kalmia_send_init_packet() function in drivers/net/usb/kalmia.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU91333
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52730
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU91621
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52735
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_map_unhash(), sock_map_destroy() and sock_map_close() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU92063
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52736
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_hda_codec_cleanup_for_unbind() function in sound/pci/hda/hda_codec.c, within the hda_codec_driver_probe() and hda_codec_driver_remove() functions in sound/pci/hda/hda_bind.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper error handling
EUVDB-ID: #VU90935
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52750
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/Kconfig. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Reachable Assertion
EUVDB-ID: #VU90905
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52759
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU91504
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52774
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90421
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52789
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Double free
EUVDB-ID: #VU90888
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52795
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the vhost_vdpa_probe() function in drivers/vhost/vdpa.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU90536
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52802
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_adc_probe() function in drivers/iio/adc/stm32-adc-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU90284
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU90283
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diInitInode() and diAlloc() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU90420
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52808
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU90538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52814
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU90289
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52818
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/include/pptable.h, drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU90288
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU90454
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52826
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tpg110_get_modes() function in drivers/gpu/drm/panel/panel-tpo-tpg110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Integer overflow
EUVDB-ID: #VU91425
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU91505
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use of uninitialized resource
EUVDB-ID: #VU90867
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52845
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU90433
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52858
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt7629.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU90081
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hisi_sllc_pmu_probe() function in drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c, within the hisi_pa_pmu_probe() function in drivers/perf/hisilicon/hisi_uncore_pa_pmu.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU91198
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU93143
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU91083
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52878
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU90004
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26833
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Resource management error
EUVDB-ID: #VU93200
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU93470
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27413
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU93464
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Buffer overflow
EUVDB-ID: #VU93153
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35823
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Resource management error
EUVDB-ID: #VU93429
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35840
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Memory leak
EUVDB-ID: #VU91638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35877
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Information disclosure
EUVDB-ID: #VU91344
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35939
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU92212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Information disclosure
EUVDB-ID: #VU91343
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35956
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU93255
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper Initialization
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Memory leak
EUVDB-ID: #VU89973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU91458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU92955
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the show_cppc_data(), acpi_cppc_processor_probe(), cpc_read() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Reachable Assertion
EUVDB-ID: #VU90907
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36000
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds write
EUVDB-ID: #VU92411
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42327
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to out-of-bounds write error. A local privileged user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
perf-debuginfo: before 5.10.0-136.78.0.158
kernel-debugsource: before 5.10.0-136.78.0.158
kernel-source: before 5.10.0-136.78.0.158
kernel-headers: before 5.10.0-136.78.0.158
kernel-debuginfo: before 5.10.0-136.78.0.158
kernel-tools: before 5.10.0-136.78.0.158
python3-perf: before 5.10.0-136.78.0.158
kernel-tools-devel: before 5.10.0-136.78.0.158
perf: before 5.10.0-136.78.0.158
kernel-tools-debuginfo: before 5.10.0-136.78.0.158
python3-perf-debuginfo: before 5.10.0-136.78.0.158
kernel-devel: before 5.10.0-136.78.0.158
kernel: before 5.10.0-136.78.0.158
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1693
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
