openEuler 22.03 LTS SP3 update for kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 67 |
| CVE-ID | CVE-2021-47265 CVE-2021-47356 CVE-2021-47370 CVE-2021-47427 CVE-2021-47489 CVE-2022-48689 CVE-2023-52654 CVE-2023-52669 CVE-2023-52677 CVE-2023-52696 CVE-2023-52699 CVE-2023-52750 CVE-2023-52752 CVE-2023-52753 CVE-2023-52756 CVE-2023-52759 CVE-2023-52774 CVE-2023-52789 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52802 CVE-2023-52814 CVE-2023-52819 CVE-2023-52826 CVE-2023-52831 CVE-2023-52832 CVE-2023-52836 CVE-2023-52838 CVE-2023-52864 CVE-2023-52865 CVE-2023-52871 CVE-2023-52875 CVE-2023-52878 CVE-2024-26833 CVE-2024-26877 CVE-2024-26934 CVE-2024-27020 CVE-2024-27399 CVE-2024-27401 CVE-2024-27413 CVE-2024-27415 CVE-2024-35789 CVE-2024-35808 CVE-2024-35822 CVE-2024-35823 CVE-2024-35840 CVE-2024-35855 CVE-2024-35877 CVE-2024-35900 CVE-2024-35904 CVE-2024-35925 CVE-2024-35939 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35978 CVE-2024-35989 CVE-2024-36000 CVE-2024-36004 CVE-2024-36007 CVE-2024-36015 CVE-2024-36940 CVE-2021-42327 |
| CWE-ID | CWE-20 CWE-416 CWE-399 CWE-125 CWE-366 CWE-476 CWE-667 CWE-388 CWE-119 CWE-617 CWE-415 CWE-190 CWE-401 CWE-682 CWE-369 CWE-200 CWE-665 CWE-252 CWE-787 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #67 is available. |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 67 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU93174
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU90134
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47356
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU93266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47370
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_sendmsg_frag() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU91057
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47427
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsi_eh_abort() function in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU91082
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47489
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dp_phy_settings_write(), dp_phy_test_pattern_debugfs_write(), dp_dsc_passthrough_set(), trigger_hotplug(), dp_dsc_clock_en_write(), dp_dsc_slice_width_write(), dp_dsc_slice_height_write(), dp_dsc_bits_per_pixel_write() and dp_max_bpc_write() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Race condition within a thread
EUVDB-ID: #VU91430
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48689
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the skb_frag_size_add() function in net/ipv4/tcp.c, within the __zerocopy_sg_from_iter() function in net/core/datagram.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU93257
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52654
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the scm_fp_copy() function in net/core/scm.c, within the io_finish_async() and io_sqe_files_register() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU91423
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU93679
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ALIGN() function in arch/riscv/kernel/vmlinux.lds.S, within the INIT_TEXT_SECTION() function in arch/riscv/kernel/vmlinux-xip.lds.S, within the is_kernel_exittext() and patch_map() functions in arch/riscv/kernel/patch.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90550
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52696
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_powercap_init() function in arch/powerpc/platforms/powernv/opal-powercap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU90751
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52699
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper error handling
EUVDB-ID: #VU90935
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52750
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/Kconfig. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU91226
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52753
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU91307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52756
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the include/linux/pwm.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Reachable Assertion
EUVDB-ID: #VU90905
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52759
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU91504
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52774
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU90421
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52789
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Double free
EUVDB-ID: #VU90888
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52795
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the vhost_vdpa_probe() function in drivers/vhost/vdpa.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU91506
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52796
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU90075
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_wmi_pdev_dfs_radar_detected_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU90281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52799
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU90071
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU90536
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52802
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_adc_probe() function in drivers/iio/adc/stm32-adc-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU90538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52814
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU90288
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU90454
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52826
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tpg110_get_modes() function in drivers/gpu/drm/panel/panel-tpo-tpg110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper error handling
EUVDB-ID: #VU90934
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52831
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cpu_down_maps_locked() function in kernel/cpu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Integer overflow
EUVDB-ID: #VU91425
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU91505
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper error handling
EUVDB-ID: #VU90933
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52838
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the imsttfb_probe() function in drivers/video/fbdev/imsttfb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU91198
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU90425
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU93143
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU90424
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52875
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU91083
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52878
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Memory leak
EUVDB-ID: #VU90004
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26833
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU93200
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Buffer overflow
EUVDB-ID: #VU93470
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27413
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU91317
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27415
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU90167
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU90754
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35808
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper locking
EUVDB-ID: #VU93464
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU93153
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35823
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Resource management error
EUVDB-ID: #VU93429
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35840
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU90163
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Memory leak
EUVDB-ID: #VU91638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35877
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Incorrect calculation
EUVDB-ID: #VU93613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35900
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU93461
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Division by zero
EUVDB-ID: #VU91373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35925
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Information disclosure
EUVDB-ID: #VU91344
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35939
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU92212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Information disclosure
EUVDB-ID: #VU91343
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35956
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Resource management error
EUVDB-ID: #VU93255
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper Initialization
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Memory leak
EUVDB-ID: #VU89973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Resource management error
EUVDB-ID: #VU93472
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35989
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Reachable Assertion
EUVDB-ID: #VU90907
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36000
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Incorrect calculation
EUVDB-ID: #VU93612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36007
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Out-of-bounds write
EUVDB-ID: #VU92411
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-42327
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to out-of-bounds write error. A local privileged user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-202.0.0.115
kernel-tools-devel: before 5.10.0-202.0.0.115
kernel-tools-debuginfo: before 5.10.0-202.0.0.115
python3-perf: before 5.10.0-202.0.0.115
kernel-debugsource: before 5.10.0-202.0.0.115
kernel-debuginfo: before 5.10.0-202.0.0.115
kernel-source: before 5.10.0-202.0.0.115
kernel-headers: before 5.10.0-202.0.0.115
kernel-tools: before 5.10.0-202.0.0.115
perf-debuginfo: before 5.10.0-202.0.0.115
kernel-devel: before 5.10.0-202.0.0.115
perf: before 5.10.0-202.0.0.115
kernel: before 5.10.0-202.0.0.115
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
