Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 35 |
CVE-ID | CVE-2021-47381 CVE-2021-47427 CVE-2021-47469 CVE-2023-39180 CVE-2023-52696 CVE-2023-52791 CVE-2023-52853 CVE-2024-26592 CVE-2024-26852 CVE-2024-26921 CVE-2024-26935 CVE-2024-26988 CVE-2024-27032 CVE-2024-27038 CVE-2024-27047 CVE-2024-27052 CVE-2024-27053 CVE-2024-27417 CVE-2024-31076 CVE-2024-35811 CVE-2024-35817 CVE-2024-35830 CVE-2024-35947 CVE-2024-36969 CVE-2024-36978 CVE-2024-38538 CVE-2024-38545 CVE-2024-38549 CVE-2024-38555 CVE-2024-38569 CVE-2024-38591 CVE-2024-38601 CVE-2024-38634 CVE-2024-38662 CVE-2023-47233 |
CWE-ID | CWE-119 CWE-416 CWE-667 CWE-401 CWE-476 CWE-191 CWE-200 CWE-835 CWE-399 CWE-388 CWE-369 CWE-125 CWE-908 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); kernel-headers, python3-perf-debuginfo, perf, kernel-devel, perf-debuginfo, kernel-source, kernel-debugsource, python3-perf, kernel-tools, kernel-debuginfo, kernel-tools-devel, kernel-tools-debuginfo, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
EUVDB-ID: #VU93502
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47381
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the xtensa_stack() function in sound/soc/sof/xtensa/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91057
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47427
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsi_eh_abort() function in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90737
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47469
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92188
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39180
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak when handling SMB2_READ commands in ksmbd. A remote attacker can force the application to leak memory and perform a denial of service attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90550
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52696
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the opal_powercap_init() function in arch/powerpc/platforms/powernv/opal-powercap.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93438
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking in drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91229
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52853
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cp2112_gpio_irq_startup() and cp2112_probe() functions in drivers/hid/hid-cp2112.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86812
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26592
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90194
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91672
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26921
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description: The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, and within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91358
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26935
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26988
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the setup_command_line() function in init/main.c. A local user can escalate privileges on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93065
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27032
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the f2fs_reserve_new_block_retry() function in fs/f2fs/recovery.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27038
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27047
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90180
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27053
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91349
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27417
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the inet6_rtm_getaddr() function in net/ipv6/addrconf.c. A local user can gain access to sensitive information.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93016
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, and within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90164
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93595
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93591
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35830
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36969
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92332
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36978
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38545
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92324
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38569
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hisi_pcie_pmu_validate_event_group() function in drivers/perf/hisilicon/hisi_pcie_pmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92364
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93063
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82755
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the brcm80211 driver, within brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to the device can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.82.0.163
python3-perf-debuginfo: before 5.10.0-136.82.0.163
perf: before 5.10.0-136.82.0.163
kernel-devel: before 5.10.0-136.82.0.163
perf-debuginfo: before 5.10.0-136.82.0.163
kernel-source: before 5.10.0-136.82.0.163
kernel-debugsource: before 5.10.0-136.82.0.163
python3-perf: before 5.10.0-136.82.0.163
kernel-tools: before 5.10.0-136.82.0.163
kernel-debuginfo: before 5.10.0-136.82.0.163
kernel-tools-devel: before 5.10.0-136.82.0.163
kernel-tools-debuginfo: before 5.10.0-136.82.0.163
kernel: before 5.10.0-136.82.0.163
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1768
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.