Risk | Low |
Patch available | YES |
Number of vulnerabilities | 35 |
CVE-ID | CVE-2021-47618 CVE-2022-48733 CVE-2022-48744 CVE-2022-48765 CVE-2022-48772 CVE-2023-52873 CVE-2024-35879 CVE-2024-35893 CVE-2024-35969 CVE-2024-35988 CVE-2024-35989 CVE-2024-36014 CVE-2024-36489 CVE-2024-37353 CVE-2024-37354 CVE-2024-38381 CVE-2024-38547 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38577 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583 CVE-2024-38590 CVE-2024-38596 CVE-2024-38602 CVE-2024-38603 CVE-2024-38625 CVE-2024-38633 CVE-2024-38637 CVE-2024-38780 CVE-2024-39301 CVE-2024-39362 CVE-2024-39467 |
CWE-ID | CWE-476 CWE-416 CWE-119 CWE-399 CWE-401 CWE-20 CWE-362 CWE-908 CWE-125 CWE-667 CWE-366 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
EUVDB-ID: #VU92918
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47618
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92895
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92950
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93276
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48765
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90428
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52873
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_mt6779_apmixed_probe() and clk_mt6779_top_probe() functions in drivers/clk/mediatek/clk-mt6779.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89979
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35879
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93609
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90143
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35969
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94125
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35988
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93472
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35989
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89897
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93030
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36489
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93179
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37353
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37354
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38381
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92350
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38547
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92369
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92294
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38554
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92378
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38577
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92366
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93087
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38590
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92380
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92296
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38602
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92297
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38603
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hns3_pmu_irq_register() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38625
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntfs_get_block_vbo() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93032
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38633
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93334
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39362
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i2c_acpi_find_client_by_adev() and i2c_acpi_notify() functions in drivers/i2c/i2c-core-acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39467
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.84.0.165
python3-perf: before 5.10.0-136.84.0.165
perf-debuginfo: before 5.10.0-136.84.0.165
perf: before 5.10.0-136.84.0.165
kernel-tools-devel: before 5.10.0-136.84.0.165
kernel-tools-debuginfo: before 5.10.0-136.84.0.165
kernel-tools: before 5.10.0-136.84.0.165
kernel-source: before 5.10.0-136.84.0.165
kernel-headers: before 5.10.0-136.84.0.165
kernel-devel: before 5.10.0-136.84.0.165
kernel-debugsource: before 5.10.0-136.84.0.165
kernel-debuginfo: before 5.10.0-136.84.0.165
kernel: before 5.10.0-136.84.0.165
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1838
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.