openEuler 22.03 LTS SP3 update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 56 |
| CVE-ID | CVE-2021-47247 CVE-2021-47484 CVE-2021-47558 CVE-2022-48652 CVE-2023-52672 CVE-2023-52680 CVE-2023-52686 CVE-2023-52693 CVE-2023-52732 CVE-2023-52762 CVE-2023-52775 CVE-2023-52803 CVE-2023-52810 CVE-2023-52880 CVE-2023-52881 CVE-2024-26835 CVE-2024-26889 CVE-2024-27393 CVE-2024-27402 CVE-2024-27408 CVE-2024-35790 CVE-2024-35809 CVE-2024-35811 CVE-2024-35853 CVE-2024-35854 CVE-2024-35871 CVE-2024-35888 CVE-2024-35895 CVE-2024-35896 CVE-2024-35905 CVE-2024-35924 CVE-2024-35967 CVE-2024-35973 CVE-2024-35982 CVE-2024-35984 CVE-2024-36017 CVE-2024-36029 CVE-2024-36883 CVE-2024-36886 CVE-2024-36889 CVE-2024-36898 CVE-2024-36899 CVE-2024-36901 CVE-2024-36902 CVE-2024-36903 CVE-2024-36906 CVE-2024-36908 CVE-2024-36917 CVE-2024-36924 CVE-2024-36928 CVE-2024-36929 CVE-2024-36949 CVE-2024-36954 CVE-2024-36957 CVE-2024-36964 CVE-2023-47233 |
| CWE-ID | CWE-416 CWE-476 CWE-399 CWE-362 CWE-667 CWE-388 CWE-908 CWE-119 CWE-125 CWE-264 CWE-451 CWE-401 CWE-835 CWE-193 CWE-269 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system kernel-source Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 56 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90090
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47247
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5e_take_all_route_decap_flows() and mlx5e_encap_valid() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c, within the wait_for_completion() and mlx5e_take_all_encap_flows() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c, within the mlx5e_rep_neigh_update() and mlx5e_rep_update_flows() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/neigh.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU90403
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47484
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nix_free_tx_vtag_entries() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c, within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU92963
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47558
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stmmac_release() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Race condition
EUVDB-ID: #VU93379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48652
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the ice_set_dflt_vsi_ctx(), ice_vsi_setup_q_map(), ice_vsi_setup_q_map_mqprio() and ice_vsi_cfg_tc() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU92024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper error handling
EUVDB-ID: #VU93618
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52680
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the scarlett2_sync_ctl_get(), scarlett2_master_volume_ctl_get(), scarlett2_volume_ctl_get(), scarlett2_mute_ctl_get(), scarlett2_level_enum_ctl_get(), scarlett2_pad_ctl_get(), scarlett2_air_ctl_get(), scarlett2_phantom_ctl_get(), scarlett2_direct_monitor_ctl_get(), scarlett2_speaker_switch_enum_ctl_get(), scarlett2_talkback_enum_ctl_get(), scarlett2_dim_mute_ctl_get() and scarlett2_mux_src_enum_ctl_get() functions in sound/usb/mixer_scarlett_gen2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU90548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of uninitialized resource
EUVDB-ID: #VU91678
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU91507
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52732
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_update_snap_trace() and ceph_handle_snap() functions in fs/ceph/snap.c, within the register_session(), __open_session(), __do_request(), handle_reply(), ceph_mdsc_put_request(), done_closing_sessions() and mds_peer_reset() functions in fs/ceph/mds_client.c, within the ceph_zero_partial_object() function in fs/ceph/file.c, within the ceph_handle_caps() and iput() functions in fs/ceph/caps.c, within the ceph_netfs_issue_read(), writepage_nounlock() and ceph_uninline_data() functions in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93622
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU93425
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52775
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the smcr_clnt_conf_first_link() function in net/smc/af_smc.c when handling SMC DECLINE messages. A remote attacker can send specially crafted SMC DECLINE message to the system, trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU90079
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52803
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU90285
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52810
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Spoofing attack
EUVDB-ID: #VU89895
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU93772
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26835
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU91312
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory leak
EUVDB-ID: #VU89353
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27393
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xennet_alloc_one_rx_buffer() function in xen-netback implementation. A malicious guest userspace process can exhaust memory resources within the guest kernel and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU92026
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27402
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pep_sock_enable() and pep_ioctl() functions in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Race condition
EUVDB-ID: #VU91470
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27408
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the dw_edma_v0_core_write_chunk() and dw_edma_v0_core_start() functions in drivers/dma/dw-edma/dw-edma-v0-core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU90554
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35790
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper error handling
EUVDB-ID: #VU90947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU90164
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU89984
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU90162
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Memory leak
EUVDB-ID: #VU91639
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __asm__() and copy_thread() functions in arch/riscv/kernel/process.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use of uninitialized resource
EUVDB-ID: #VU90873
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35888
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU90752
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35895
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU90309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU90307
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35905
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU93623
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35924
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ucsi_read_message_in(), ucsi_read_error(), ucsi_send_command() and ucsi_register() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU90303
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35967
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use of uninitialized resource
EUVDB-ID: #VU90872
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35973
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Infinite loop
EUVDB-ID: #VU91411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35982
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU91458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource management error
EUVDB-ID: #VU92981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use of uninitialized resource
EUVDB-ID: #VU90975
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36889
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use of uninitialized resource
EUVDB-ID: #VU92002
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36898
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the edge_detector_update() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU90048
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use of uninitialized resource
EUVDB-ID: #VU90865
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36903
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds read
EUVDB-ID: #VU90271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36906
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ENDPROC() function in arch/arm/kernel/sleep.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU93278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36908
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iocg_pay_debt() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU92094
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36917
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Resource management error
EUVDB-ID: #VU92961
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36928
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qeth_free_cq(), qeth_alloc_qdio_queues(), atomic_set(), qeth_free_qdio_queues() and qeth_qdio_poll() functions in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper locking
EUVDB-ID: #VU93436
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Off-by-one
EUVDB-ID: #VU91171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36957
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU82755
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-source: before 5.10.0-207.0.0.116
kernel-debugsource: before 5.10.0-207.0.0.116
kernel-tools-devel: before 5.10.0-207.0.0.116
perf: before 5.10.0-207.0.0.116
python3-perf: before 5.10.0-207.0.0.116
kernel-devel: before 5.10.0-207.0.0.116
kernel-headers: before 5.10.0-207.0.0.116
kernel-tools: before 5.10.0-207.0.0.116
kernel-tools-debuginfo: before 5.10.0-207.0.0.116
python3-perf-debuginfo: before 5.10.0-207.0.0.116
kernel-debuginfo: before 5.10.0-207.0.0.116
perf-debuginfo: before 5.10.0-207.0.0.116
kernel: before 5.10.0-207.0.0.116
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1707
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
