openEuler 22.03 LTS SP3 update for kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 25
CVE-ID: CVE-2023-52619, CVE-2024-24860, CVE-2024-25739, CVE-2024-26607, CVE-2024-26614, CVE-2024-26633, CVE-2024-26644, CVE-2024-26698, CVE-2024-26736, CVE-2024-26751, CVE-2024-26764, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26788, CVE-2024-26810, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26898, CVE-2024-26907, CVE-2024-27437, CVE-2022-3061, CVE-2023-6270
CWE-ID: CWE-119, CWE-362, CWE-754, CWE-476, CWE-399, CWE-20, CWE-667, CWE-835, CWE-369, CWE-416
Exploitation vector: Network
Public exploit: N/A
Vulnerable software

openEuler: Operating systems & Components / Operating system
kernel-tools: Operating systems & Components / Operating system package or component
perf: Operating systems & Components / Operating system package or component
kernel-tools-debuginfo: Operating systems & Components / Operating system package or component
python3-perf-debuginfo: Operating systems & Components / Operating system package or component
kernel-headers: Operating systems & Components / Operating system package or component
kernel-devel: Operating systems & Components / Operating system package or component
kernel-debuginfo: Operating systems & Components / Operating system package or component
python3-perf: Operating systems & Components / Operating system package or component
perf-debuginfo: Operating systems & Components / Operating system package or component
kernel-tools-devel: Operating systems & Components / Operating system package or component
kernel-debugsource: Operating systems & Components / Operating system package or component
kernel-source: Operating systems & Components / Operating system package or component
kernel: Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU93668

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU86580

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-24860

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel Bluetooth device driver. A remote attacker with physical proximity to the device can send specially crafted packets to the system and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper check for unusual or exceptional conditions

EUVDB-ID: #VU92399

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25739

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper check for unusual or exceptional conditions within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU90640

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26607

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU91320

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26614

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU89267

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26633

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU91535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26644

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU91482

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26698

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU92007

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26736

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU93671

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26751

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU93844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26764

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU92041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26772

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU93787

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26773

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Division by zero

EUVDB-ID: #VU91377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26777

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Division by zero

EUVDB-ID: #VU91378

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26778

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU92972

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26788

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the fsl_qdma_probe() function in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU91602

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26883

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU91604

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU89840

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26885

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU90197

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26898

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c and the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU92037

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26907

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU93202

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27437

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Division by zero

EUVDB-ID: #VU68516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3061

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through the ioctl() interface, trigger a divide-by-zero error and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

kernel-tools: before 5.10.0-198.0.0.111

perf: before 5.10.0-198.0.0.111

kernel-tools-debuginfo: before 5.10.0-198.0.0.111

python3-perf-debuginfo: before 5.10.0-198.0.0.111

kernel-headers: before 5.10.0-198.0.0.111

kernel-devel: before 5.10.0-198.0.0.111

kernel-debuginfo: before 5.10.0-198.0.0.111

python3-perf: before 5.10.0-198.0.0.111

perf-debuginfo: before 5.10.0-198.0.0.111

kernel-tools-devel: before 5.10.0-198.0.0.111

kernel-debugsource: before 5.10.0-198.0.0.111

kernel-source: before 5.10.0-198.0.0.111

kernel: before 5.10.0-198.0.0.111

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1541


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


