openEuler 22.03 LTS SP1 update for kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 69 |
| CVE-ID | CVE-2022-48659 CVE-2022-48660 CVE-2023-52609 CVE-2023-52615 CVE-2023-52616 CVE-2023-52621 CVE-2023-52623 CVE-2023-52629 CVE-2023-52633 CVE-2023-52635 CVE-2023-52637 CVE-2023-52639 CVE-2023-52644 CVE-2023-52675 CVE-2023-52676 CVE-2023-52685 CVE-2023-52690 CVE-2023-52694 CVE-2024-24860 CVE-2024-26610 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26645 CVE-2024-26661 CVE-2024-26665 CVE-2024-26675 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26686 CVE-2024-26697 CVE-2024-26702 CVE-2024-26706 CVE-2024-26707 CVE-2024-26712 CVE-2024-26720 CVE-2024-26726 CVE-2024-26733 CVE-2024-26734 CVE-2024-26735 CVE-2024-26740 CVE-2024-26743 CVE-2024-26744 CVE-2024-26754 CVE-2024-26763 CVE-2024-26776 CVE-2024-26782 CVE-2024-26787 CVE-2024-26801 CVE-2024-26805 CVE-2024-26808 CVE-2024-26809 CVE-2024-26851 CVE-2024-26881 CVE-2024-26900 CVE-2024-26901 CVE-2024-26903 CVE-2024-26907 CVE-2024-26937 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27431 CVE-2024-35849 CVE-2024-35943 |
| CWE-ID | CWE-119 CWE-399 CWE-362 CWE-667 CWE-665 CWE-617 CWE-416 CWE-835 CWE-476 CWE-190 CWE-401 CWE-20 CWE-908 CWE-824 CWE-284 CWE-682 CWE-125 CWE-388 CWE-200 CWE-369 CWE-415 CWE-825 CWE-404 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 69 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU93399
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the create_unique_id() and sysfs_slab_add() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU93198
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48660
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the lineevent_create() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU91484
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU90798
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Initialization
EUVDB-ID: #VU91556
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52616
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Reachable assertion
EUVDB-ID: #VU90912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52621
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU92046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90221
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52629
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the switch_drv_remove() function in arch/sh/drivers/push-switch.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU93282
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52633
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU92045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90218
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52637
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Race condition
EUVDB-ID: #VU91483
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52639
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Infinite loop
EUVDB-ID: #VU93068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Integer overflow
EUVDB-ID: #VU93061
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52676
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the check_ptr_to_map_access() and check_stack_access_within_bounds() functions in kernel/bpf/verifier.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU91437
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52685
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU89981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52690
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scom_debug_init_one() function in arch/powerpc/platforms/powernv/opal-xscom.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU91606
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52694
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the tpd12s015_probe() function in drivers/gpu/drm/bridge/ti-tpd12s015.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Race condition
EUVDB-ID: #VU86580
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24860
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU89679
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU89267
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use of uninitialized resource
EUVDB-ID: #VU90880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU90859
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Resource management error
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Access of Uninitialized Pointer
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Incorrect calculation
EUVDB-ID: #VU93762
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26645
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Resource management error
EUVDB-ID: #VU93260
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26661
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU90336
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26665
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU92044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper error handling
EUVDB-ID: #VU90952
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26684
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Race condition
EUVDB-ID: #VU91481
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26685
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper locking
EUVDB-ID: #VU91530
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26686
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_task_stat() function in fs/proc/array.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Information disclosure
EUVDB-ID: #VU91365
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU91100
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper error handling
EUVDB-ID: #VU92945
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26706
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fixup_exception() function in arch/parisc/mm/fault.c, within the emulate_ldh(), emulate_ldw(), emulate_ldd(), emulate_sth(), emulate_stw() and emulate_std() functions in arch/parisc/kernel/unaligned.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU93206
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26707
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU93400
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26712
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Division by zero
EUVDB-ID: #VU91379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU90791
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26726
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clear_extent_uptodate() function in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Memory leak
EUVDB-ID: #VU90009
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26734
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devlink_init() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU90789
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26740
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mirred_egress_to_ingress_tcp_test() function in tools/testing/selftests/net/forwarding/tc_actions.sh, within the is_mirred_nested() and tcf_mirred_to_dev() functions in net/sched/act_mirred.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU92042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU90217
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Resource management error
EUVDB-ID: #VU93859
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU90601
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hisi_sfc_v3xx_isr() function in drivers/spi/spi-hisi-sfc-v3xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Double free
EUVDB-ID: #VU90927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Information disclosure
EUVDB-ID: #VU89239
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26787
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use of uninitialized resource
EUVDB-ID: #VU90879
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26805
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Expired pointer dereference
EUVDB-ID: #VU93809
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper resource shutdown or release
EUVDB-ID: #VU93747
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26809
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU90578
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Memory leak
EUVDB-ID: #VU90468
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26900
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Improper locking
EUVDB-ID: #VU92037
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Reachable assertion
EUVDB-ID: #VU90909
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26937
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU90169
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27395
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU90168
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27396
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use of uninitialized resource
EUVDB-ID: #VU92003
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27431
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_map_bpf_prog_run_xdp() function in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Information disclosure
EUVDB-ID: #VU91345
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35849
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU90544
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35943
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omap_prm_domain_init() function in drivers/pmdomain/ti/omap_prm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.76.0.156
kernel-source: before 5.10.0-136.76.0.156
kernel-tools-devel: before 5.10.0-136.76.0.156
kernel-tools-debuginfo: before 5.10.0-136.76.0.156
kernel-headers: before 5.10.0-136.76.0.156
kernel-tools: before 5.10.0-136.76.0.156
kernel-devel: before 5.10.0-136.76.0.156
perf-debuginfo: before 5.10.0-136.76.0.156
python3-perf-debuginfo: before 5.10.0-136.76.0.156
kernel-debuginfo: before 5.10.0-136.76.0.156
perf: before 5.10.0-136.76.0.156
kernel-debugsource: before 5.10.0-136.76.0.156
kernel: before 5.10.0-136.76.0.156
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1648
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
