openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 37 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90484
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_bind() function in drivers/usb/gadget/function/f_tcm.c, within the geth_bind() function in drivers/usb/gadget/function/f_subset.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_sourcesink.c, within the gser_bind() function in drivers/usb/gadget/function/f_serial.c, within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_printer.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_loopback.c, within the eem_bind() function in drivers/usb/gadget/function/f_eem.c, within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU90391
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47515
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the seg6_do_srh_encap() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of uninitialized resource
EUVDB-ID: #VU92933
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47583
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU93309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47611
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU92919
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU92907
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48717
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU92892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU92901
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48736
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU92903
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48738
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer underflow
EUVDB-ID: #VU92928
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU92950
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU92960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU93327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU91333
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52730
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU91600
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU93016
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU93609
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use of uninitialized resource
EUVDB-ID: #VU90874
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU89897
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU93436
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU93024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU92351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU92369
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU92294
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38554
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU92328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU92322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU92953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU92366
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU92371
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU93032
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38633
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU93038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU93046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU93080
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU93034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use of uninitialized resource
EUVDB-ID: #VU93337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Privilege escalation
EUVDB-ID: #VU1045
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5519
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain elevated orivileges on the target system.
The weakness is due to improper processing of crafted packets during the enrollment operation. Flaw in the Oracle GlassFish Server Java Server Faces component lets attacker to increase his privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
