openEuler 22.03 LTS SP3 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 77 |
| CVE-ID | CVE-2022-48655 CVE-2022-48674 CVE-2023-52477 CVE-2023-52620 CVE-2023-52628 CVE-2023-52631 CVE-2023-52633 CVE-2023-52637 CVE-2023-52639 CVE-2023-52642 CVE-2023-52644 CVE-2023-6270 CVE-2024-26642 CVE-2024-26645 CVE-2024-26665 CVE-2024-26668 CVE-2024-26669 CVE-2024-26671 CVE-2024-26679 CVE-2024-26680 CVE-2024-26684 CVE-2024-26685 CVE-2024-26688 CVE-2024-26689 CVE-2024-26697 CVE-2024-26706 CVE-2024-26707 CVE-2024-26720 CVE-2024-26726 CVE-2024-26733 CVE-2024-26734 CVE-2024-26735 CVE-2024-26739 CVE-2024-26740 CVE-2024-26743 CVE-2024-26744 CVE-2024-26754 CVE-2024-26763 CVE-2024-26776 CVE-2024-26782 CVE-2024-26787 CVE-2024-26791 CVE-2024-26792 CVE-2024-26801 CVE-2024-26804 CVE-2024-26805 CVE-2024-26808 CVE-2024-26809 CVE-2024-26811 CVE-2024-26812 CVE-2024-26814 CVE-2024-26817 CVE-2024-26828 CVE-2024-26829 CVE-2024-26839 CVE-2024-26840 CVE-2024-26843 CVE-2024-26846 CVE-2024-26852 CVE-2024-26855 CVE-2024-26859 CVE-2024-26862 CVE-2024-26863 CVE-2024-26865 CVE-2024-26869 CVE-2024-26870 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26880 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26917 CVE-2024-26921 CVE-2024-26922 |
| CWE-ID | CWE-125 CWE-416 CWE-908 CWE-284 CWE-121 CWE-476 CWE-399 CWE-362 CWE-269 CWE-835 CWE-682 CWE-190 CWE-401 CWE-119 CWE-667 CWE-388 CWE-200 CWE-369 CWE-415 CWE-825 CWE-404 CWE-191 CWE-366 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 77 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU91400
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48655
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU90174
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the fs/erofs/internal.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU89268
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU87901
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU91240
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52631
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU93282
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52633
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90218
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52637
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Race condition
EUVDB-ID: #VU91483
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52639
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper privilege management
EUVDB-ID: #VU93736
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52642
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the lirc_dev_exit() and rc_dev_get_from_fd() functions in drivers/media/rc/lirc_dev.c, within the lirc_prog_attach(), lirc_prog_detach() and lirc_prog_query() functions in drivers/media/rc/bpf-lirc.c. A local user can read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Infinite loop
EUVDB-ID: #VU93068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Incorrect calculation
EUVDB-ID: #VU93762
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26645
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU90336
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26665
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Integer overflow
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU90010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU92044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU93350
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26680
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aq_ring_free() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() and aq_ptp_ring_free() functions in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper error handling
EUVDB-ID: #VU90952
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26684
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Race condition
EUVDB-ID: #VU91481
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26685
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Information disclosure
EUVDB-ID: #VU91365
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper error handling
EUVDB-ID: #VU92945
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26706
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fixup_exception() function in arch/parisc/mm/fault.c, within the emulate_ldh(), emulate_ldw(), emulate_ldd(), emulate_sth(), emulate_stw() and emulate_std() functions in arch/parisc/kernel/unaligned.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Resource management error
EUVDB-ID: #VU93206
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26707
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Division by zero
EUVDB-ID: #VU91379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU90791
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26726
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clear_extent_uptodate() function in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU90009
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26734
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devlink_init() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU90214
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26739
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper locking
EUVDB-ID: #VU90789
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26740
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mirred_egress_to_ingress_tcp_test() function in tools/testing/selftests/net/forwarding/tc_actions.sh, within the is_mirred_nested() and tcf_mirred_to_dev() functions in net/sched/act_mirred.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU92042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU90217
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU93859
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) NULL pointer dereference
EUVDB-ID: #VU90601
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hisi_sfc_v3xx_isr() function in drivers/spi/spi-hisi-sfc-v3xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Double free
EUVDB-ID: #VU90927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Information disclosure
EUVDB-ID: #VU89239
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26787
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU91098
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26791
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_check_replace_dev_names() and btrfs_dev_replace_by_ioctl() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Double free
EUVDB-ID: #VU90897
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26792
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU90212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use of uninitialized resource
EUVDB-ID: #VU90879
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26805
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Expired pointer dereference
EUVDB-ID: #VU93809
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper resource shutdown or release
EUVDB-ID: #VU93747
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26809
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Buffer overflow
EUVDB-ID: #VU88543
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26811
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when installing malicious ksmbd-tools. A local user can force the ksmbd.mountd to return invalid ipc response to ksmbd kernel server, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Integer underflow
EUVDB-ID: #VU91674
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Memory leak
EUVDB-ID: #VU90475
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26829
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irtoy_tx() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Memory leak
EUVDB-ID: #VU90471
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Buffer overflow
EUVDB-ID: #VU93404
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Double free
EUVDB-ID: #VU90896
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26846
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU90576
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU90573
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use of uninitialized resource
EUVDB-ID: #VU90877
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26863
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU90195
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_purge() function in net/ipv4/tcp_minisocks.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improper locking
EUVDB-ID: #VU92036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26869
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_inplace_write_data() and f2fs_wait_on_block_writeback_range() functions in fs/f2fs/segment.c, within the do_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Buffer overflow
EUVDB-ID: #VU92006
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26870
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU90199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use-after-free
EUVDB-ID: #VU90193
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Resource management error
EUVDB-ID: #VU92988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU90577
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU90202
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26895
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU89998
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26896
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wfx_set_mfp_ap() function in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU90580
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Improper locking
EUVDB-ID: #VU90778
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26917
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Integer underflow
EUVDB-ID: #VU91672
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26921
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Input validation error
EUVDB-ID: #VU89054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-199.0.0.112
kernel-debuginfo: before 5.10.0-199.0.0.112
perf: before 5.10.0-199.0.0.112
kernel-source: before 5.10.0-199.0.0.112
python3-perf: before 5.10.0-199.0.0.112
kernel-debugsource: before 5.10.0-199.0.0.112
kernel-headers: before 5.10.0-199.0.0.112
kernel-tools-debuginfo: before 5.10.0-199.0.0.112
perf-debuginfo: before 5.10.0-199.0.0.112
kernel-tools-devel: before 5.10.0-199.0.0.112
kernel-tools: before 5.10.0-199.0.0.112
kernel-devel: before 5.10.0-199.0.0.112
kernel: before 5.10.0-199.0.0.112
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
