openEuler 20.03 LTS SP4 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 48 |
| CVE-ID | CVE-2021-47236 CVE-2021-47254 CVE-2021-47294 CVE-2021-47315 CVE-2021-47324 CVE-2021-47329 CVE-2021-47403 CVE-2021-47409 CVE-2021-47424 CVE-2021-47460 CVE-2021-47476 CVE-2021-47478 CVE-2021-47479 CVE-2021-47499 CVE-2021-47511 CVE-2021-47518 CVE-2021-47538 CVE-2021-47541 CVE-2021-47542 CVE-2021-47543 CVE-2021-47544 CVE-2021-47547 CVE-2023-52686 CVE-2023-52705 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52774 CVE-2023-52803 CVE-2023-52864 CVE-2023-52865 CVE-2023-52871 CVE-2024-27413 CVE-2024-35809 CVE-2024-35811 CVE-2024-35888 CVE-2024-35896 CVE-2024-35984 CVE-2024-36017 CVE-2024-36029 CVE-2024-36883 CVE-2024-36902 CVE-2024-36903 CVE-2024-36917 CVE-2024-36924 CVE-2024-36954 CVE-2024-36964 CVE-2023-47233 |
| CWE-ID | CWE-401 CWE-416 CWE-399 CWE-200 CWE-476 CWE-908 CWE-119 CWE-20 CWE-125 CWE-667 CWE-388 CWE-269 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system perf-debuginfo Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 48 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU91632
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU90086
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47254
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __acquires() and gfs2_scan_glock_lru() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU93279
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47294
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nr_heartbeat_expiry(), nr_t2timer_expiry(), nr_t4timer_expiry(), nr_idletimer_expiry() and nr_t1timer_expiry() functions in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU91335
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47315
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90118
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47324
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU91337
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47329
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the megasas_alloc_fusion_context() function in drivers/scsi/megaraid/megaraid_sas_fusion.c, within the megasas_probe_one() and megasas_release_fusion() functions in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU91623
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47403
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipoctal_port_activate() and ipoctal_cleanup() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU92067
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47409
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use of uninitialized resource
EUVDB-ID: #VU90976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47424
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the i40e_clear_interrupt_scheme() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93141
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47460
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU90851
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47476
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() and ni6501_find_endpoints() functions in drivers/staging/comedi/drivers/ni_usb6501.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU91081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47478
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90059
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47479
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the r871xu_dev_remove() function in drivers/staging/rtl8712/usb_intf.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU89922
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kxcjk1013_probe() and kxcjk1013_remove() functions in drivers/iio/accel/kxcjk-1013.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU92005
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47511
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90531
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47518
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_ses_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information disclosure
EUVDB-ID: #VU91325
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47538
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the rxrpc_create_peer(), rxrpc_lookup_peer(), __rxrpc_put_peer() and rxrpc_put_peer_locked() functions in net/rxrpc/peer_object.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU90055
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47541
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx4_en_try_alloc_resources() function in drivers/net/ethernet/mellanox/mlx4/en_netdev.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU90396
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU89929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47543
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fetch_kernel_version() function in tools/perf/util/util.c, within the report__browse_hists() function in tools/perf/builtin-report.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU93138
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU91080
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47547
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mii_get_phy() function in drivers/net/ethernet/dec/tulip/de4x5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU91387
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52705
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_load_super_block() function in fs/nilfs2/the_nilfs.c, within the nilfs_resize_fs() function in fs/nilfs2/super.c, within the nilfs_ioctl_set_alloc_range() function in fs/nilfs2/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU91226
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52753
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU90854
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU91307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52756
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the include/linux/pwm.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU91504
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52774
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU90079
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52803
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU91198
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU90425
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU93143
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Buffer overflow
EUVDB-ID: #VU93470
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27413
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper error handling
EUVDB-ID: #VU90947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU90164
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use of uninitialized resource
EUVDB-ID: #VU90873
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35888
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU90309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU91458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource management error
EUVDB-ID: #VU92981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use of uninitialized resource
EUVDB-ID: #VU90865
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36903
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Buffer overflow
EUVDB-ID: #VU92094
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36917
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU82755
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
