openEuler 20.03 LTS SP1 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 77 |
| CVE-ID | CVE-2021-47269 CVE-2021-47284 CVE-2021-47335 CVE-2021-47393 CVE-2021-47455 CVE-2021-47473 CVE-2021-47497 CVE-2022-48695 CVE-2022-48697 CVE-2022-48702 CVE-2022-48704 CVE-2022-48710 CVE-2023-52650 CVE-2023-52652 CVE-2023-52653 CVE-2023-52656 CVE-2023-52683 CVE-2023-52691 CVE-2023-52698 CVE-2023-52813 CVE-2023-52817 CVE-2023-52818 CVE-2023-52835 CVE-2023-52840 CVE-2023-52847 CVE-2023-52867 CVE-2023-52868 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960 CVE-2024-26961 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26974 CVE-2024-26976 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-26994 CVE-2024-26996 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27008 CVE-2024-27010 CVE-2024-27011 CVE-2024-27024 CVE-2024-27028 CVE-2024-27037 CVE-2024-27046 CVE-2024-27051 CVE-2024-27054 CVE-2024-27059 CVE-2024-27062 CVE-2024-27072 CVE-2024-27073 CVE-2024-27075 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27403 CVE-2024-27419 CVE-2024-35805 CVE-2024-35806 CVE-2024-35815 CVE-2024-35835 CVE-2024-35886 CVE-2024-35898 CVE-2024-35922 CVE-2024-35930 CVE-2024-35936 CVE-2024-35950 CVE-2024-35976 CVE-2024-35997 |
| CWE-ID | CWE-476 CWE-665 CWE-416 CWE-125 CWE-401 CWE-667 CWE-200 CWE-477 CWE-190 CWE-415 CWE-399 CWE-119 CWE-388 CWE-362 CWE-20 CWE-682 CWE-369 CWE-121 CWE-191 CWE-366 CWE-835 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python2-perf-debuginfo Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 77 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90477
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47269
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Initialization
EUVDB-ID: #VU91550
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47284
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU90129
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47335
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the init_f2fs_fs() and exit_f2fs_fs() functions in fs/f2fs/super.c, within the f2fs_recover_fsync_data() function in fs/f2fs/recovery.c, within the f2fs_destroy_garbage_collection_cache() function in fs/f2fs/f2fs.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU90302
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47393
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlxreg_fan_set_cur_state() function in drivers/hwmon/mlxreg-fan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU89939
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47455
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ptp_clock_register() function in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU89941
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47473
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in drivers/scsi/qla2xxx/qla_bsg.c. A local user can crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU90276
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47497
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90171
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48695
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU90172
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48697
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU90312
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_emu10k1_pcm_channel_alloc() function in sound/pci/emu10k1/emupcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU91520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48704
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48710
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_fp_native_mode() function in drivers/gpu/drm/radeon/radeon_connectors.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU91353
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU90459
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52653
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of obsolete function
EUVDB-ID: #VU93856
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52656
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a local user to have negative impact on system performance.
The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer overflow
EUVDB-ID: #VU91424
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52683
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Double free
EUVDB-ID: #VU90921
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52691
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU89982
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52698
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU91607
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU90432
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52817
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU90289
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52818
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/include/pptable.h, drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU91084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU91056
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52840
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU91054
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52847
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU91308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52867
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU93616
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52868
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the thermal_zone_bind_cooling_device() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper error handling
EUVDB-ID: #VU93652
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26955
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Buffer overflow
EUVDB-ID: #VU93155
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU91062
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26957
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Race condition
EUVDB-ID: #VU91475
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26960
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU90186
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26961
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU91394
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU91397
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU90185
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU90318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26981
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Input validation error
EUVDB-ID: #VU90857
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU93243
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26994
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU90184
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26996
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU91449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26999
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU91450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27000
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Resource management error
EUVDB-ID: #VU92969
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27001
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU91095
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27008
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper locking
EUVDB-ID: #VU90769
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27010
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qdisc_alloc() function in net/sched/sch_generic.c, within the qdisc_run_end() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Memory leak
EUVDB-ID: #VU90463
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27011
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Resource management error
EUVDB-ID: #VU93841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27024
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) NULL pointer dereference
EUVDB-ID: #VU90555
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU90523
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27037
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU90519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) NULL pointer dereference
EUVDB-ID: #VU91501
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Incorrect calculation
EUVDB-ID: #VU93759
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27054
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Race condition
EUVDB-ID: #VU91471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27062
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper locking
EUVDB-ID: #VU90765
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27072
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Memory leak
EUVDB-ID: #VU90451
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27077
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Memory leak
EUVDB-ID: #VU90450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Memory leak
EUVDB-ID: #VU90449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Integer underflow
EUVDB-ID: #VU91669
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27403
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Race condition within a thread
EUVDB-ID: #VU91429
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27419
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper locking
EUVDB-ID: #VU91519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35805
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU90755
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35806
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU93271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35815
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aio_setup_ring() and kiocb_set_cancel_fn() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Double free
EUVDB-ID: #VU90923
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Infinite loop
EUVDB-ID: #VU91413
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35886
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Race condition within a thread
EUVDB-ID: #VU91427
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35898
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Division by zero
EUVDB-ID: #VU91372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35922
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU89976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35930
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Improper error handling
EUVDB-ID: #VU90942
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35936
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use-after-free
EUVDB-ID: #VU92212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Out-of-bounds read
EUVDB-ID: #VU90305
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35976
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Infinite loop
EUVDB-ID: #VU91412
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35997
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
python2-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-devel: before 4.19.90-2405.5.0.0251
kernel-source: before 4.19.90-2405.5.0.0251
perf: before 4.19.90-2405.5.0.0251
python2-perf: before 4.19.90-2405.5.0.0251
bpftool-debuginfo: before 4.19.90-2405.5.0.0251
python3-perf: before 4.19.90-2405.5.0.0251
python3-perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debuginfo: before 4.19.90-2405.5.0.0251
kernel-tools-devel: before 4.19.90-2405.5.0.0251
bpftool: before 4.19.90-2405.5.0.0251
kernel-tools: before 4.19.90-2405.5.0.0251
kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251
perf-debuginfo: before 4.19.90-2405.5.0.0251
kernel-debugsource: before 4.19.90-2405.5.0.0251
kernel: before 4.19.90-2405.5.0.0251
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
