Risk | Low |
Patch available | YES |
Number of vulnerabilities | 42 |
CVE-ID | CVE-2021-47366 CVE-2022-48673 CVE-2022-48692 CVE-2023-52670 CVE-2023-52748 CVE-2023-52791 CVE-2023-52821 CVE-2023-52841 CVE-2023-52873 CVE-2023-52882 CVE-2024-26924 CVE-2024-26935 CVE-2024-26936 CVE-2024-26947 CVE-2024-26954 CVE-2024-26960 CVE-2024-27014 CVE-2024-27017 CVE-2024-27019 CVE-2024-27044 CVE-2024-35796 CVE-2024-35819 CVE-2024-35821 CVE-2024-35828 CVE-2024-35870 CVE-2024-35887 CVE-2024-35910 CVE-2024-35915 CVE-2024-35932 CVE-2024-35935 CVE-2024-35937 CVE-2024-35951 CVE-2024-35965 CVE-2024-35966 CVE-2024-36016 CVE-2024-36905 CVE-2024-36916 CVE-2024-36919 CVE-2024-36952 CVE-2024-36960 CVE-2024-36968 CVE-2024-36971 |
CWE-ID | CWE-119 CWE-667 CWE-476 CWE-401 CWE-20 CWE-399 CWE-200 CWE-125 CWE-416 CWE-362 CWE-682 CWE-366 CWE-908 CWE-388 CWE-404 CWE-787 CWE-369 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf, kernel-tools-debuginfo, kernel-source, perf, python3-perf-debuginfo, kernel-debuginfo, kernel-debugsource, perf-debuginfo, kernel-tools-devel, kernel-devel, kernel-headers, kernel-tools, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 42 vulnerabilities.
EUVDB-ID: #VU93171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47366
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the afs_fs_fetch_data(), afs_fs_store_data(), afs_fs_setattr_size() and afs_deliver_fs_get_capabilities() functions in fs/afs/fsclient.c, within the afs_fileserver_probe_result() and clear_bit() functions in fs/afs/fs_probe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48673
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_wr_rx_process_cqes(), smc_wr_free_link() and smc_wr_create_link() functions in net/smc/smc_wr.c, within the smcr_link_init() function in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90516
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the srp_process_rsp() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52670
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93621
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52748
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_init_page_array_cache() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93438
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90430
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52821
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89945
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52841
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the vidtv_mux_init() and vidtv_channel_si_destroy() functions in drivers/media/test-drivers/vidtv/vidtv_mux.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90428
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52873
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the clk_mt6779_apmixed_probe() and clk_mt6779_top_probe() functions in drivers/clk/mediatek/clk-mt6779.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93673
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26924
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91358
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26935
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26936
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_allocate_rsp_buf() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90321
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26954
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91475
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26960
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90768
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93615
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27017
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91431
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27044
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90553
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35796
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35821
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90158
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35870
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_mark_tcp_ses_conns_for_reconnect() and cifs_find_smb_ses() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90159
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92021
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35910
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c and within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90874
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90146
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc4_prepare_fb() and vc4_cleanup_fb() functions in drivers/gpu/drm/vc4/vc4_plane.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35935
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91093
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35937
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93746
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35951
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93797
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90306
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c and within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90273
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36916
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36968
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91597
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36971
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the ip6_dst_check() function in net/ipv6/route.c, and within the ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf: before 5.10.0-209.0.0.117
kernel-tools-debuginfo: before 5.10.0-209.0.0.117
kernel-source: before 5.10.0-209.0.0.117
perf: before 5.10.0-209.0.0.117
python3-perf-debuginfo: before 5.10.0-209.0.0.117
kernel-debuginfo: before 5.10.0-209.0.0.117
kernel-debugsource: before 5.10.0-209.0.0.117
perf-debuginfo: before 5.10.0-209.0.0.117
kernel-tools-devel: before 5.10.0-209.0.0.117
kernel-devel: before 5.10.0-209.0.0.117
kernel-headers: before 5.10.0-209.0.0.117
kernel-tools: before 5.10.0-209.0.0.117
kernel: before 5.10.0-209.0.0.117
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1738
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.