Risk | Low |
Patch available | YES |
Number of vulnerabilities | 46 |
CVE-ID | CVE-2022-48772 CVE-2024-31076 CVE-2024-36489 CVE-2024-36949 CVE-2024-36952 CVE-2024-36962 CVE-2024-36965 CVE-2024-37353 CVE-2024-37354 CVE-2024-37356 CVE-2024-38551 CVE-2024-38552 CVE-2024-38554 CVE-2024-38555 CVE-2024-38562 CVE-2024-38564 CVE-2024-38577 CVE-2024-38579 CVE-2024-38582 CVE-2024-38588 CVE-2024-38598 CVE-2024-38599 CVE-2024-38602 CVE-2024-38604 CVE-2024-38610 CVE-2024-38622 CVE-2024-38623 CVE-2024-38624 CVE-2024-38625 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38634 CVE-2024-38637 CVE-2024-38662 CVE-2024-38664 CVE-2024-38780 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39461 CVE-2024-39466 CVE-2024-39467 CVE-2024-39468 CVE-2024-39470 |
CWE-ID | CWE-476 CWE-401 CWE-667 CWE-362 CWE-119 CWE-399 CWE-125 CWE-416 CWE-264 CWE-190 CWE-908 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | openEuler (operating system); operating system packages or components: python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 46 vulnerabilities.
EUVDB-ID: #VU93327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93016
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, and within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93030
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36489
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93436
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU91440
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36962
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ks8851_dbg_dumpkkt(), ks8851_rx_pkts() and ks8851_irq() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93179
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37353
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37354
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92347
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38551
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the set_card_codec_info() function in sound/soc/mediatek/common/mtk-soundcard-driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92294
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38554
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38562
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nl80211_trigger_scan() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU93849
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38564
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to improper checks within the bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92378
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38577
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within kernel/rcu/tasks.h. A local user can escalate privileges on the system.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
EUVDB-ID: #VU92366
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92312
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38588
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38598
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92319
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38599
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92296
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38602
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93291
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38604
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the blkdev_iomap_begin() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92313
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38610
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38622
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the dpu_core_irq_callback_handler() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38623
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93059
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38624
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the log_read_rst() function in fs/ntfs3/fslog.c. A local user can execute arbitrary code.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38625
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ntfs_get_block_vbo() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93037
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38628
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_ep_fback(), u_audio_set_volume(), u_audio_set_mute() and g_audio_setup() functions in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93070
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38629
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idxd_wq_del_cdev() function in drivers/dma/idxd/cdev.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93021
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38630
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38634
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38637
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38662
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93127
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38664
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zynqmp_dpsub_probe() and zynqmp_dpsub_remove() functions in drivers/gpu/drm/xlnx/zynqmp_dpsub.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38780
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93338
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39296
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bonding_init() and bonding_exit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39301
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93334
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39362
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i2c_acpi_find_client_by_adev() and i2c_acpi_notify() functions in drivers/i2c/i2c-core-acpi.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93329
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39371
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the io_ring_buffer_select() function in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93323
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39461
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the raspberrypi_discover_clocks() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93331
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39466
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lmh_probe() function in drivers/thermal/qcom/lmh.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39467
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93335
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39468
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93332
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39470
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the eventfs_find_events() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.