Risk | Low |
Patch available | YES |
Number of vulnerabilities | 42 |
CVE-ID | CVE-2024-34030 CVE-2024-36014 CVE-2024-36016 CVE-2024-36031 CVE-2024-36881 CVE-2024-36939 CVE-2024-36979 CVE-2024-38559 CVE-2024-38578 CVE-2024-38589 CVE-2024-38618 CVE-2024-38619 CVE-2024-39463 CVE-2024-39469 CVE-2024-39472 CVE-2024-39485 CVE-2024-39494 CVE-2024-39499 CVE-2024-39505 CVE-2024-40912 CVE-2024-40916 CVE-2024-40918 CVE-2024-40923 CVE-2024-40929 CVE-2024-40932 CVE-2024-40936 CVE-2024-40941 CVE-2024-40943 CVE-2024-40951 CVE-2024-40952 CVE-2024-40957 CVE-2024-40968 CVE-2024-40974 CVE-2024-40975 CVE-2024-40977 CVE-2024-40983 CVE-2024-40984 CVE-2024-40987 CVE-2024-41004 CVE-2024-41005 CVE-2024-41007 CVE-2024-41009 |
CWE-ID | CWE-476 CWE-787 CWE-20 CWE-388 CWE-416 CWE-125 CWE-667 CWE-908 CWE-401 CWE-119 CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 42 vulnerabilities.
EUVDB-ID: #VU93121
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34030
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_pci_prop_intr_map() function in drivers/pci/of_property.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89897
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90847
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the userfaultfd_release() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92365
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92371
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93082
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93322
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93336
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39469
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93820
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39472
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93826
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39485
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __v4l2_async_nf_unregister() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94223
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94201
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94259
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39505
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94282
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94281
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94280
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40918
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the PTR_PAGE_ALIGN_DOWN(), __flush_cache_page(), flush_icache_pages(), pte_needs_flush(), flush_dcache_folio(), purge_kernel_dcache_page_asm(), copy_user_highpage(), __flush_tlb_range(), flush_cache_range(), flush_anon_page() and invalidate_kernel_vmap_range() functions in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40923
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94234
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94204
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40932
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40936
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devm_cxl_add_region() and __create_region() functions in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94315
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40941
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94278
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40951
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_fill_super() function in fs/ocfs2/super.c, within the to_ocfs2_trigger(), ocfs2_db_frozen_trigger() and __ocfs2_journal_access() functions in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94248
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40952
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_dirty() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94247
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94319
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94301
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40974
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94306
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40975
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the x86_android_tablet_remove() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94271
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40977
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mt76s_tx_status_data() function in drivers/net/wireless/mediatek/mt76/sdio.c, within the mt7921s_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c, within the mt7921e_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c, within the mt7921_mac_reset_work() function in drivers/net/wireless/mediatek/mt76/mt7921/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40983
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94239
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94307
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40987
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94265
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41004
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94264
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41005
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94345
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41007
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41009
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.