openEuler 22.03 LTS SP1 update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 61 |
| CVE-ID | CVE-2021-47247 CVE-2021-47265 CVE-2021-47356 CVE-2021-47558 CVE-2022-48652 CVE-2023-52646 CVE-2023-52677 CVE-2023-52680 CVE-2023-52686 CVE-2023-52702 CVE-2023-52705 CVE-2023-52745 CVE-2023-52746 CVE-2023-52753 CVE-2023-52775 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52807 CVE-2023-52865 CVE-2023-52875 CVE-2024-27393 CVE-2024-27399 CVE-2024-27402 CVE-2024-27415 CVE-2024-35790 CVE-2024-35809 CVE-2024-35853 CVE-2024-35854 CVE-2024-35855 CVE-2024-35886 CVE-2024-35888 CVE-2024-35895 CVE-2024-35896 CVE-2024-35905 CVE-2024-35915 CVE-2024-35924 CVE-2024-35925 CVE-2024-35967 CVE-2024-35973 CVE-2024-36008 CVE-2024-36017 CVE-2024-36021 CVE-2024-36029 CVE-2024-36883 CVE-2024-36886 CVE-2024-36889 CVE-2024-36898 CVE-2024-36899 CVE-2024-36901 CVE-2024-36902 CVE-2024-36905 CVE-2024-36906 CVE-2024-36908 CVE-2024-36924 CVE-2024-36929 CVE-2024-36949 CVE-2024-36957 CVE-2024-36964 |
| CWE-ID | CWE-416 CWE-20 CWE-399 CWE-362 CWE-476 CWE-388 CWE-401 CWE-125 CWE-119 CWE-667 CWE-835 CWE-908 CWE-369 CWE-665 CWE-193 CWE-269 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system kernel-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 61 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90090
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47247
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5e_take_all_route_decap_flows() and mlx5e_encap_valid() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c, within the wait_for_completion() and mlx5e_take_all_encap_flows() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c, within the mlx5e_rep_neigh_update() and mlx5e_rep_update_flows() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/neigh.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU93174
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU90134
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47356
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU92963
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47558
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stmmac_release() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU93379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48652
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the ice_set_dflt_vsi_ctx(), ice_vsi_setup_q_map(), ice_vsi_setup_q_map_mqprio() and ice_vsi_cfg_tc() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU93858
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aio_ring_mremap() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU93679
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ALIGN() function in arch/riscv/kernel/vmlinux.lds.S, within the INIT_TEXT_SECTION() function in arch/riscv/kernel/vmlinux-xip.lds.S, within the is_kernel_exittext() and patch_map() functions in arch/riscv/kernel/patch.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper error handling
EUVDB-ID: #VU93618
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52680
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the scarlett2_sync_ctl_get(), scarlett2_master_volume_ctl_get(), scarlett2_volume_ctl_get(), scarlett2_mute_ctl_get(), scarlett2_level_enum_ctl_get(), scarlett2_pad_ctl_get(), scarlett2_air_ctl_get(), scarlett2_phantom_ctl_get(), scarlett2_direct_monitor_ctl_get(), scarlett2_speaker_switch_enum_ctl_get(), scarlett2_talkback_enum_ctl_get(), scarlett2_dim_mute_ctl_get() and scarlett2_mux_src_enum_ctl_get() functions in sound/usb/mixer_scarlett_gen2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU89943
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52702
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ovs_meter_cmd_set() function in net/openvswitch/meter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU91387
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52705
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_load_super_block() function in fs/nilfs2/the_nilfs.c, within the nilfs_resize_fs() function in fs/nilfs2/super.c, within the nilfs_ioctl_set_alloc_range() function in fs/nilfs2/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90414
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52745
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ipoib_intf_init() function in drivers/infiniband/ulp/ipoib/ipoib_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU91620
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52746
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xfrm_xlate32_attr() function in net/xfrm/xfrm_compat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU91226
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52753
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU93425
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52775
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the smcr_clnt_conf_first_link() function in net/smc/af_smc.c when handling SMC DECLINE messages. A remote attacker can send specially crafted SMC DECLINE message to the system, trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU91506
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52796
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU90075
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_wmi_pdev_dfs_radar_detected_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU90281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52799
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU90071
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU90079
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52803
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU90287
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52807
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hns3_get_coal_info() function in drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU90425
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90424
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52875
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU89353
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27393
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xennet_alloc_one_rx_buffer() function in xen-netback implementation. A malicious guest userspace process can exhaust memory resources within the guest kernel and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper locking
EUVDB-ID: #VU92026
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27402
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pep_sock_enable() and pep_ioctl() functions in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU91317
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27415
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU90554
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35790
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper error handling
EUVDB-ID: #VU90947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory leak
EUVDB-ID: #VU89984
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU90162
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU90163
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Infinite loop
EUVDB-ID: #VU91413
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35886
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use of uninitialized resource
EUVDB-ID: #VU90873
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35888
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU90752
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35895
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU90309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU90307
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35905
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use of uninitialized resource
EUVDB-ID: #VU90874
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU93623
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35924
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ucsi_read_message_in(), ucsi_read_error(), ucsi_send_command() and ucsi_register() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Division by zero
EUVDB-ID: #VU91373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35925
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU90303
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35967
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use of uninitialized resource
EUVDB-ID: #VU90872
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35973
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU92068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36008
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_route_use_hint() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper Initialization
EUVDB-ID: #VU91548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hclge_init_ae_dev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Resource management error
EUVDB-ID: #VU92981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use of uninitialized resource
EUVDB-ID: #VU90975
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36889
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use of uninitialized resource
EUVDB-ID: #VU92002
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36898
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the edge_detector_update() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU90048
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU90271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36906
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ENDPROC() function in arch/arm/kernel/sleep.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Resource management error
EUVDB-ID: #VU93278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36908
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iocg_pay_debt() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU93436
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Off-by-one
EUVDB-ID: #VU91171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36957
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-debuginfo: before 5.10.0-136.79.0.159
python3-perf: before 5.10.0-136.79.0.159
perf: before 5.10.0-136.79.0.159
kernel-tools-debuginfo: before 5.10.0-136.79.0.159
python3-perf-debuginfo: before 5.10.0-136.79.0.159
kernel-source: before 5.10.0-136.79.0.159
kernel-tools: before 5.10.0-136.79.0.159
perf-debuginfo: before 5.10.0-136.79.0.159
kernel-debugsource: before 5.10.0-136.79.0.159
kernel-devel: before 5.10.0-136.79.0.159
kernel-tools-devel: before 5.10.0-136.79.0.159
kernel-headers: before 5.10.0-136.79.0.159
kernel: before 5.10.0-136.79.0.159
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1706
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
