openEuler 20.03 LTS SP4 update for kernel



Published: 2024-07-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 46
CVE-ID: CVE-2020-36783
CVE-2021-46984
CVE-2021-47054
CVE-2021-47056
CVE-2021-47060
CVE-2021-47061
CVE-2021-47063
CVE-2021-47071
CVE-2021-47074
CVE-2021-47077
CVE-2021-47078
CVE-2021-47101
CVE-2021-47131
CVE-2021-47142
CVE-2021-47143
CVE-2021-47144
CVE-2021-47145
CVE-2021-47146
CVE-2021-47153
CVE-2021-47159
CVE-2021-47160
CVE-2021-47161
CVE-2021-47162
CVE-2021-47163
CVE-2021-47167
CVE-2021-47170
CVE-2021-47171
CVE-2021-47173
CVE-2021-47180
CVE-2023-52464
CVE-2023-52475
CVE-2023-52500
CVE-2023-52507
CVE-2023-52510
CVE-2023-52515
CVE-2023-52522
CVE-2023-52530
CVE-2023-52566
CVE-2023-52578
CVE-2023-52583
CVE-2023-52587
CVE-2023-52594
CVE-2023-52595
CVE-2023-52597
CVE-2023-52598
CVE-2023-52622
CWE-ID: CWE-200
CWE-125
CWE-401
CWE-908
CWE-476
CWE-416
CWE-388
CWE-667
CWE-835
CWE-362
CWE-20
CWE-119
CWE-787
CWE-399
CWE-254
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

kernel-devel
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 46 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU91405

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36783

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the img_i2c_xfer() and img_i2c_init() functions in drivers/i2c/busses/i2c-img-scb.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU90355

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46984

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dd_request_merge() function in block/mq-deadline.c, the kyber_limit_depth() function in block/kyber-iosched.c, the __blk_mq_sched_bio_merge() function in block/blk-mq-sched.c and the bfq_remove_request() function in block/bfq-iosched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU91658

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47054

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qcom_ebi2_probe() function in drivers/bus/qcom-ebi2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of uninitialized resource

EUVDB-ID: #VU93084

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47056

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, drivers/crypto/qat/qat_c62xvf/adf_drv.c and drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU92997

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to a NULL pointer dereference error. A local privileged user can pass specially crafted data to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90244

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47061

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_io_bus_unregister_dev() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90243

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47063

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the panel_bridge_attach() function in drivers/gpu/drm/bridge/panel.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU90025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47071

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU90027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nvme_loop_create_ctrl() function in drivers/nvme/target/loop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU90638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47077

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qedf_update_link_speed() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90242

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47078

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxe_qp_init_req(), rxe_qp_init_resp() and rxe_qp_from_init() functions in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use of uninitialized resource

EUVDB-ID: #VU90882

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90223

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47131

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tls_ctx_create() function in net/tls/tls_main.c, the tls_validate_xmit_skb() function in net/tls/tls_device_fallback.c, and the tls_device_gc_task(), tls_device_rx_resync_new_rec(), tls_device_decrypted() and tls_device_down() functions in net/tls/tls_device.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90222

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47142

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_ttm_tt_unpopulate() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU90956

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47143

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the EXPORT_SYMBOL_GPL() and smcd_register_dev() functions in net/smc/smc_ism.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU91652

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47144

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the amdgpu_fbdev_destroy() function in drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper error handling

EUVDB-ID: #VU93654

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47145

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the link_to_fixup_dir() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU92048

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47146

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU92059

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47153

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Infinite loop

EUVDB-ID: #VU93069

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47159

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the dsa_master_get_strings() function in net/dsa/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU91651

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47160

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mt7530_port_set_vlan_aware() function in drivers/net/dsa/mt7530.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper error handling

EUVDB-ID: #VU90953

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47161

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dspi_probe() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU91064

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Race condition

EUVDB-ID: #VU93381

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47163

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the cleanup_bearer() and tipc_udp_disable() functions in net/tipc/udp_media.c, and within the tipc_exit_net() function in net/tipc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU93691

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47167

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs_pageio_do_add_request() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU93401

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47170

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the proc_bulk() and proc_do_submiturb() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU90011

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU90013

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47173

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the uss720_probe() function in drivers/usb/misc/uss720.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU90012

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47180

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c, and within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds write

EUVDB-ID: #VU88895

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52464

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU90247

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52475

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the powermate_disconnect() function in drivers/input/misc/powermate.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU91657

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52500

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU90350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52507

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU90235

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52510

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU90236

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52515

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource management error

EUVDB-ID: #VU89387

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52522

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90237

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52530

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c and within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU90238

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52566

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Race condition

EUVDB-ID: #VU89384

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52578

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU90802

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52583

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU91541

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52587

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU90343

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52594

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU90803

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52595

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c and within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Security features bypass

EUVDB-ID: #VU92172

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A local privileged user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU93864

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52598

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


