openEuler 20.03 LTS SP4 update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 54 |
| CVE-ID | CVE-2021-47229 CVE-2021-47234 CVE-2021-47249 CVE-2021-47257 CVE-2021-47267 CVE-2021-47281 CVE-2021-47301 CVE-2021-47310 CVE-2021-47321 CVE-2021-47334 CVE-2021-47344 CVE-2021-47354 CVE-2021-47372 CVE-2021-47425 CVE-2021-47440 CVE-2021-47456 CVE-2021-47468 CVE-2021-47474 CVE-2021-47482 CVE-2021-47483 CVE-2021-47485 CVE-2021-47496 CVE-2021-47509 CVE-2021-47516 CVE-2021-47571 CVE-2022-48693 CVE-2023-52708 CVE-2023-52742 CVE-2023-52747 CVE-2023-52764 CVE-2023-52810 CVE-2023-52836 CVE-2023-52843 CVE-2023-52875 CVE-2023-52880 CVE-2024-27014 CVE-2024-27019 CVE-2024-27402 CVE-2024-35819 CVE-2024-35821 CVE-2024-35828 CVE-2024-35910 CVE-2024-35935 CVE-2024-35937 CVE-2024-35947 CVE-2024-35982 CVE-2024-36016 CVE-2024-36886 CVE-2024-36901 CVE-2024-36905 CVE-2024-36919 CVE-2024-36934 CVE-2024-36952 CVE-2024-36960 |
| CWE-ID | CWE-399 CWE-401 CWE-476 CWE-416 CWE-667 CWE-200 CWE-119 CWE-388 CWE-415 CWE-125 CWE-908 CWE-264 CWE-366 CWE-835 CWE-787 CWE-362 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system bpftool-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 54 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47229
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU91633
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47234
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mtk_phy_init() function in drivers/phy/mediatek/phy-mtk-tphy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU89950
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47249
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rds_recvmsg() function in net/rds/recv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU93262
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47257
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee802154_llsec_parse_dev_addr() function in net/ieee802154/nl802154.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU90474
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47267
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU90095
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47281
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_seq_timer_open() function in sound/core/seq/seq_timer.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90098
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47301
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90102
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47310
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tlan_remove_one() function in drivers/net/ethernet/ti/tlan.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU90105
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47321
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/w83877f_wdt.c, within the lpc18xx_wdt_remove() function in drivers/watchdog/lpc18xx_wdt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90119
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47334
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU89962
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47344
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU93454
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47354
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_kill_jobs_cb() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90136
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47372
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macb_remove() function in drivers/net/ethernet/cadence/macb_pci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU91338
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47425
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90408
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47440
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the encx24j600_spi_probe() function in drivers/net/ethernet/microchip/encx24j600.c, within the devm_regmap_init_encx24j600() function in drivers/net/ethernet/microchip/encx24j600-regmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU90060
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU92012
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47468
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU91304
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47474
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vmk80xx_do_bulk_msg() function in drivers/staging/comedi/drivers/vmk80xx.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper error handling
EUVDB-ID: #VU90930
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47482
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the batadv_tt_init() function in net/batman-adv/translation-table.c, within the batadv_nc_mesh_init() function in net/batman-adv/network-coding.c, within the batadv_mesh_init() function in net/batman-adv/main.c, within the batadv_bla_init() function in net/batman-adv/bridge_loop_avoidance.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Double free
EUVDB-ID: #VU90920
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47483
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the regcache_rbtree_insert_to_block() function in drivers/base/regmap/regcache-rbtree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU91305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47485
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Buffer overflow
EUVDB-ID: #VU91197
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47496
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tls_err_abort(), tls_tx_records(), tls_push_record(), tls_sw_recvmsg() and tls_sw_splice_read() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU93398
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47509
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the snd_pcm_oss_set_fragment1() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU89924
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47516
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfp_cpp_area_cache_add() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU91051
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47571
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information disclosure
EUVDB-ID: #VU91352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48693
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper error handling
EUVDB-ID: #VU90936
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52708
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mmc_spi_probe() function in drivers/mmc/host/mmc_spi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Resource management error
EUVDB-ID: #VU93466
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52742
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pl_vendor_req() function in drivers/net/usb/plusb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Information disclosure
EUVDB-ID: #VU91332
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52747
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the user_exp_rcv_setup() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU90278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52764
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the set_flicker() function in drivers/media/usb/gspca/cpia1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU90285
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52810
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU91505
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use of uninitialized resource
EUVDB-ID: #VU90868
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52843
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU90424
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52875
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU90768
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Race condition within a thread
EUVDB-ID: #VU91431
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU92026
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27402
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pep_sock_enable() and pep_ioctl() functions in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper locking
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU92025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35821
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU92021
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35910
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper error handling
EUVDB-ID: #VU90944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35935
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU91093
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35937
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper error handling
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Infinite loop
EUVDB-ID: #VU91411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35982
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds write
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds read
EUVDB-ID: #VU90266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Race condition
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
bpftool-debuginfo: before 4.19.90-2406.3.0.0282
kernel-debuginfo: before 4.19.90-2406.3.0.0282
kernel-source: before 4.19.90-2406.3.0.0282
python2-perf: before 4.19.90-2406.3.0.0282
kernel-debugsource: before 4.19.90-2406.3.0.0282
kernel-tools-debuginfo: before 4.19.90-2406.3.0.0282
python3-perf-debuginfo: before 4.19.90-2406.3.0.0282
perf-debuginfo: before 4.19.90-2406.3.0.0282
kernel-tools-devel: before 4.19.90-2406.3.0.0282
perf: before 4.19.90-2406.3.0.0282
kernel-devel: before 4.19.90-2406.3.0.0282
kernel-tools: before 4.19.90-2406.3.0.0282
python2-perf-debuginfo: before 4.19.90-2406.3.0.0282
bpftool: before 4.19.90-2406.3.0.0282
python3-perf: before 4.19.90-2406.3.0.0282
kernel: before 4.19.90-2406.3.0.0282
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1736
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
