Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 48 |
CVE-ID | CVE-2021-47366 CVE-2022-48673 CVE-2022-48693 CVE-2023-52670 CVE-2023-52672 CVE-2023-52693 CVE-2023-52708 CVE-2023-52732 CVE-2023-52739 CVE-2023-52747 CVE-2023-52762 CVE-2023-52810 CVE-2023-52821 CVE-2023-52841 CVE-2023-52846 CVE-2023-52882 CVE-2024-26936 CVE-2024-26947 CVE-2024-26954 CVE-2024-26960 CVE-2024-27014 CVE-2024-27019 CVE-2024-27044 CVE-2024-35796 CVE-2024-35815 CVE-2024-35819 CVE-2024-35828 CVE-2024-35839 CVE-2024-35870 CVE-2024-35887 CVE-2024-35910 CVE-2024-35932 CVE-2024-35935 CVE-2024-35937 CVE-2024-35951 CVE-2024-35965 CVE-2024-35966 CVE-2024-35982 CVE-2024-36016 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36928 CVE-2024-36952 CVE-2024-36954 CVE-2024-36960 CVE-2024-36968 CVE-2024-36971 |
CWE-ID | CWE-119 CWE-667 CWE-200 CWE-401 CWE-908 CWE-388 CWE-415 CWE-125 CWE-476 CWE-416 CWE-20 CWE-362 CWE-366 CWE-399 CWE-404 CWE-835 CWE-787 CWE-369 |
Exploitation vector | Local |
Public exploit | Vulnerability #48 is being exploited in the wild. |
Vulnerable software | openEuler (Operating systems & Components / Operating system); kernel-tools-debuginfo, python3-perf, kernel-debuginfo, kernel-headers, perf-debuginfo, kernel-devel, kernel-tools, python3-perf-debuginfo, kernel-debugsource, perf, kernel-tools-devel, kernel-source, kernel (each: Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 48 vulnerabilities.
EUVDB-ID: #VU93171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47366
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the afs_fs_fetch_data(), afs_fs_store_data(), afs_fs_setattr_size() and afs_deliver_fs_get_capabilities() functions in fs/afs/fsclient.c, within the afs_fileserver_probe_result() and clear_bit() functions in fs/afs/fs_probe.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48673
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_wr_rx_process_cqes(), smc_wr_free_link() and smc_wr_create_link() functions in net/smc/smc_wr.c, within the smcr_link_init() function in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48693
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52670
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91678
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90936
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52708
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mmc_spi_probe() function in drivers/mmc/host/mmc_spi.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91507
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52732
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_update_snap_trace() and ceph_handle_snap() functions in fs/ceph/snap.c, within the register_session(), __open_session(), __do_request(), handle_reply(), ceph_mdsc_put_request(), done_closing_sessions() and mds_peer_reset() functions in fs/ceph/mds_client.c, within the ceph_zero_partial_object() function in fs/ceph/file.c, within the ceph_handle_caps() and iput() functions in fs/ceph/caps.c, within the ceph_netfs_issue_read(), writepage_nounlock() and ceph_uninline_data() functions in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90889
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52739
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the free_the_page() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91332
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52747
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the user_exp_rcv_setup() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can gain access to sensitive information.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93622
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90285
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52810
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90430
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52821
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89945
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52841
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidtv_mux_init() and vidtv_channel_si_destroy() functions in drivers/media/test-drivers/vidtv/vidtv_mux.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91055
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52846
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prp_create_tagged_frame() function in net/hsr/hsr_forward.c. A local user can escalate privileges on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93673
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26936
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_allocate_rsp_buf() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90321
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26954
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91475
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26960
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90768
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91431
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27044
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90553
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35796
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35815
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the aio_setup_ring() and kiocb_set_cancel_fn() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93386
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35839
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_reject_fill_skb_dst() and nf_send_reset() functions in net/ipv4/netfilter/nf_reject_ipv4.c, within the br_nf_pre_routing_finish_ipv6() function in net/bridge/br_netfilter_ipv6.c, within the br_nf_pre_routing_finish_bridge(), br_nf_ipv4_daddr_was_changed(), bridge_parent_rtable(), skb_dst_set_noref(), setup_pre_routing(), br_nf_forward_finish(), ip_sabotage_in() and br_nf_pre_routing_finish_bridge_slow() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90158
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35870
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_mark_tcp_ses_conns_for_reconnect() and cifs_find_smb_ses() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90159
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92021
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35910
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90146
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc4_prepare_fb() and vc4_cleanup_fb() functions in drivers/gpu/drm/vc4/vc4_plane.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35935
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91093
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35937
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93746
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35951
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93797
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90306
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35982
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90273
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36916
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92094
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36917
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92961
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36928
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the qeth_free_cq(), qeth_alloc_qdio_queues(), atomic_set(), qeth_free_qdio_queues() and qeth_qdio_poll() functions in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36968
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91597
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2024-36971
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
kernel-tools-debuginfo: before 5.10.0-136.80.0.160
python3-perf: before 5.10.0-136.80.0.160
kernel-debuginfo: before 5.10.0-136.80.0.160
kernel-headers: before 5.10.0-136.80.0.160
perf-debuginfo: before 5.10.0-136.80.0.160
kernel-devel: before 5.10.0-136.80.0.160
kernel-tools: before 5.10.0-136.80.0.160
python3-perf-debuginfo: before 5.10.0-136.80.0.160
kernel-debugsource: before 5.10.0-136.80.0.160
perf: before 5.10.0-136.80.0.160
kernel-tools-devel: before 5.10.0-136.80.0.160
kernel-source: before 5.10.0-136.80.0.160
kernel: before 5.10.0-136.80.0.160
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1737
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.