openEuler 22.03 LTS SP1 update for kernel



Published: 2024-07-26
Risk: Low
Patch available: YES
Number of vulnerabilities: 35
CVE-ID:
CVE-2021-47432
CVE-2021-47622
CVE-2022-48814
CVE-2022-48816
CVE-2022-48844
CVE-2023-52757
CVE-2023-52781
CVE-2024-36939
CVE-2024-38559
CVE-2024-38568
CVE-2024-38578
CVE-2024-38589
CVE-2024-38618
CVE-2024-38619
CVE-2024-39469
CVE-2024-39472
CVE-2024-39494
CVE-2024-39499
CVE-2024-39505
CVE-2024-40904
CVE-2024-40905
CVE-2024-40912
CVE-2024-40929
CVE-2024-40932
CVE-2024-40941
CVE-2024-40943
CVE-2024-40968
CVE-2024-40974
CVE-2024-40983
CVE-2024-40984
CVE-2024-40987
CVE-2024-41004
CVE-2024-41005
CVE-2024-41007
CVE-2024-41009
CWE-ID:
CWE-190
CWE-667
CWE-399
CWE-401
CWE-416
CWE-682
CWE-388
CWE-125
CWE-20
CWE-908
CWE-476
CWE-119
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 35 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU91179

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47432

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the __genradix_iter_peek() function in lib/generic-radix-tree.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU94457

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47622

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), ufshcd_hba_capabilities(), ufshcd_wait_for_dev_cmd(), ufshcd_exec_dev_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_init() functions in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU94474

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48814

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vsc9953_mdio_bus_alloc() and vsc9953_mdio_bus_free() functions in drivers/net/dsa/ocelot/seville_vsc9953.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU94452

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48816

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xs_get_srcport() function in net/sunrpc/xprtsock.c and within the rpc_sysfs_xprt_srcaddr_show() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU94400

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48844

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hci_release_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90069

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52757

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, and within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Incorrect calculation

EUVDB-ID: #VU93611

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52781

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper error handling

EUVDB-ID: #VU92054

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36939

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU92325

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38568

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c and within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU94259

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39505

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU94257

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c and within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU94265

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU94508

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


