openEuler 22.03 LTS SP1 update for kernel
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU90028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of uninitialized resource
EUVDB-ID: #VU90882
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU88895
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52464
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU90247
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52475
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the powermate_disconnect() function in drivers/input/misc/powermate.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU91657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52500
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU90350
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52507
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90235
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52510
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90236
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52515
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU90804
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52516
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __dma_entry_alloc(), __dma_entry_alloc_check_leak() and dma_entry_alloc() functions in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU89387
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52522
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90237
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52530
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c, within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU90024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52560
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the damon_do_test_apply_three_regions() function in mm/damon/vaddr-test.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU90957
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52561
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/boot/dts/qcom/sdm845-db845c.dts. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU90238
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52566
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90637
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52568
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sgx_encl_eldu(), __sgx_encl_load_page() and sgx_encl_eaug_page() functions in arch/x86/kernel/cpu/sgx/encl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90842
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52573
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rds_rdma_cm_event_handler_cmn() function in net/rds/rdma_transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU89384
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52578
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU91541
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU90343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Security features bypass
EUVDB-ID: #VU92172
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU93864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU93471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf: before 5.10.0-136.72.0.152
kernel-tools: before 5.10.0-136.72.0.152
kernel-source: before 5.10.0-136.72.0.152
kernel-headers: before 5.10.0-136.72.0.152
kernel-tools-debuginfo: before 5.10.0-136.72.0.152
kernel-debugsource: before 5.10.0-136.72.0.152
python3-perf-debuginfo: before 5.10.0-136.72.0.152
kernel-devel: before 5.10.0-136.72.0.152
perf-debuginfo: before 5.10.0-136.72.0.152
kernel-debuginfo: before 5.10.0-136.72.0.152
perf: before 5.10.0-136.72.0.152
kernel-tools-devel: before 5.10.0-136.72.0.152
kernel: before 5.10.0-136.72.0.152
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
