openEuler 22.03 LTS SP2 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 53 |
| CVE-ID | CVE-2021-47421 CVE-2021-47455 CVE-2022-48708 CVE-2023-52650 CVE-2023-52656 CVE-2023-52664 CVE-2023-52683 CVE-2023-52698 CVE-2023-52804 CVE-2023-52813 CVE-2023-52817 CVE-2023-52835 CVE-2023-52837 CVE-2023-52844 CVE-2023-52860 CVE-2023-52867 CVE-2023-52879 CVE-2024-26787 CVE-2024-26801 CVE-2024-26814 CVE-2024-26881 CVE-2024-26923 CVE-2024-26950 CVE-2024-26958 CVE-2024-26961 CVE-2024-26965 CVE-2024-26976 CVE-2024-26982 CVE-2024-26993 CVE-2024-27000 CVE-2024-27008 CVE-2024-27045 CVE-2024-27059 CVE-2024-27073 CVE-2024-27075 CVE-2024-27389 CVE-2024-27407 CVE-2024-27419 CVE-2024-35791 CVE-2024-35801 CVE-2024-35805 CVE-2024-35806 CVE-2024-35818 CVE-2024-35835 CVE-2024-35844 CVE-2024-35898 CVE-2024-35922 CVE-2024-35930 CVE-2024-35936 CVE-2024-35940 CVE-2024-35976 CVE-2024-35997 CVE-2024-36006 |
| CWE-ID | CWE-667 CWE-401 CWE-476 CWE-477 CWE-415 CWE-190 CWE-125 CWE-399 CWE-416 CWE-119 CWE-200 CWE-388 CWE-20 CWE-369 CWE-121 CWE-366 CWE-682 CWE-835 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system kernel-source Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 53 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU90742
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47421
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_pci_error_detected() and amdgpu_pci_resume() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU89939
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47455
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ptp_clock_register() function in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU91227
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48708
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of obsolete function
EUVDB-ID: #VU93856
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52656
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a local user to have negative impact on system performance.
The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Double free
EUVDB-ID: #VU90893
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52664
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aq_vec_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_vec.c, within the aq_get_rxpages(), aq_ring_alloc(), aq_ring_rx_alloc() and aq_ring_hwts_rx_alloc() functions in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU91424
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52683
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU89982
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52698
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU90284
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU91607
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU90432
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52817
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU91084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90080
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52837
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52844
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vidtv_psi_service_desc_init() and kstrdup() functions in drivers/media/test-drivers/vidtv/vidtv_psi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52860
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hns3_pmu_init_pmu() and hns3_pmu_uninit_pmu() functions in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU91308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52867
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU90084
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52879
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the apply_event_filter() function in kernel/trace/trace_events_filter.c, within the remove_subsystem(), event_enable_read(), event_enable_write(), event_filter_read() and trace_create_new_event() functions in kernel/trace/trace_events.c, within the register_event_command() function in kernel/trace/trace.h, within the tracing_open_file_tr() and tracing_release_file_tr() functions in kernel/trace/trace.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU89239
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26787
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU90578
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU92035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26923
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU91460
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26950
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU90186
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26961
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU90857
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU91450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27000
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU91095
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27008
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU91310
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27045
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Resource management error
EUVDB-ID: #VU91608
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27389
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU93624
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27407
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Race condition within a thread
EUVDB-ID: #VU91429
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27419
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU90165
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Input validation error
EUVDB-ID: #VU93680
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35801
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fpu__init_cpu_xstate() function in arch/x86/kernel/fpu/xstate.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU91519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35805
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU90755
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35806
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper locking
EUVDB-ID: #VU91447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35818
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/loongarch/include/asm/io.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Double free
EUVDB-ID: #VU90923
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Incorrect calculation
EUVDB-ID: #VU93756
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Race condition within a thread
EUVDB-ID: #VU91427
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35898
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Division by zero
EUVDB-ID: #VU91372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35922
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Memory leak
EUVDB-ID: #VU89976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35930
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper error handling
EUVDB-ID: #VU90942
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35936
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU90542
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35940
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU90305
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35976
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Infinite loop
EUVDB-ID: #VU91412
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35997
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Resource management error
EUVDB-ID: #VU93838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36006
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-source: before 5.10.0-153.56.0.134
perf: before 5.10.0-153.56.0.134
python3-perf-debuginfo: before 5.10.0-153.56.0.134
perf-debuginfo: before 5.10.0-153.56.0.134
python3-perf: before 5.10.0-153.56.0.134
kernel-debugsource: before 5.10.0-153.56.0.134
kernel-headers: before 5.10.0-153.56.0.134
kernel-tools: before 5.10.0-153.56.0.134
kernel-tools-debuginfo: before 5.10.0-153.56.0.134
kernel-tools-devel: before 5.10.0-153.56.0.134
kernel-devel: before 5.10.0-153.56.0.134
kernel-debuginfo: before 5.10.0-153.56.0.134
kernel: before 5.10.0-153.56.0.134
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1681
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
