openEuler 22.03 LTS SP3 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 42 |
| CVE-ID | CVE-2021-47205 CVE-2022-48703 CVE-2022-48859 CVE-2023-52679 CVE-2023-52764 CVE-2024-26988 CVE-2024-27012 CVE-2024-27032 CVE-2024-27038 CVE-2024-27047 CVE-2024-27052 CVE-2024-27065 CVE-2024-27412 CVE-2024-27416 CVE-2024-34777 CVE-2024-35837 CVE-2024-35931 CVE-2024-36923 CVE-2024-37078 CVE-2024-38548 CVE-2024-38567 CVE-2024-38607 CVE-2024-38611 CVE-2024-39471 CVE-2024-39475 CVE-2024-39476 CVE-2024-39484 CVE-2024-39506 CVE-2024-39508 CVE-2024-40915 CVE-2024-40945 CVE-2024-40947 CVE-2024-40956 CVE-2024-40960 CVE-2024-40963 CVE-2024-40967 CVE-2024-40972 CVE-2024-40980 CVE-2024-40981 CVE-2024-40982 CVE-2024-40995 CVE-2024-41011 |
| CWE-ID | CWE-401 CWE-476 CWE-415 CWE-125 CWE-119 CWE-835 CWE-416 CWE-399 CWE-200 CWE-20 CWE-908 CWE-388 CWE-667 CWE-369 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system perf Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 42 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU90007
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47205
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU90514
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48703
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3400_setup_gddv(), int3400_thermal_probe() and int3400_thermal_remove() functions in drivers/thermal/intel/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU94395
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48859
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the prestera_switch_set_base_mac_addr() function in drivers/net/ethernet/marvell/prestera/prestera_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Double free
EUVDB-ID: #VU90892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52679
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU90278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52764
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the set_flicker() function in drivers/media/usb/gspca/cpia1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU93305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26988
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the setup_command_line() function in init/main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU90461
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27012
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Infinite loop
EUVDB-ID: #VU93065
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27032
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the f2fs_reserve_new_block_retry() function in fs/f2fs/recovery.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU91236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27038
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27047
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90180
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU94105
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27065
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource management error
EUVDB-ID: #VU93194
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27412
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bq27xxx_battery_i2c_remove() function in drivers/power/supply/bq27xxx_battery_i2c.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU93869
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27416
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error within the hci_io_capa_request_evt() function in net/bluetooth/hci_event.c when handling HCI_EV_IO_CAPA_REQUEST packets. A remote attacker on the local network can force the system to assume that the remote peer
does support SSP and potentially gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU93172
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34777
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU93435
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35837
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mvpp2_bm_pool_cleanup() and mvpp2_bm_init() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper error handling
EUVDB-ID: #VU90943
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35931
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_pci_slot_reset() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use of uninitialized resource
EUVDB-ID: #VU90864
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36923
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU93342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37078
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU92349
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38548
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU93181
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38607
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Memory leak
EUVDB-ID: #VU92298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38611
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU93326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39471
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Division by zero
EUVDB-ID: #VU93828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper locking
EUVDB-ID: #VU93824
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39476
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Memory leak
EUVDB-ID: #VU93818
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39484
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU94229
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39508
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the WORKER_IDLE_TIMEOUT(), io_work_get_acct(), io_worker_exit(), io_wq_dec_running(), __io_worker_busy(), io_wq_worker(), io_wq_worker_running(), io_wq_worker_sleeping(), io_init_new_worker(), init_completion() and io_wq_work_match_item() functions in io_uring/io-wq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU94222
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40915
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU94250
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40945
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU94218
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU94216
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU94245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU94318
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU94274
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper locking
EUVDB-ID: #VU94272
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40972
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_set_entry(), iput(), ext4_xattr_block_set() and ext4_xattr_ibody_set() functions in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU94270
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40980
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper locking
EUVDB-ID: #VU94269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40981
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU94240
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
perf: before 5.10.0-221.0.0.124
kernel-headers: before 5.10.0-221.0.0.124
python3-perf-debuginfo: before 5.10.0-221.0.0.124
python3-perf: before 5.10.0-221.0.0.124
kernel-debugsource: before 5.10.0-221.0.0.124
kernel-tools-debuginfo: before 5.10.0-221.0.0.124
kernel-source: before 5.10.0-221.0.0.124
perf-debuginfo: before 5.10.0-221.0.0.124
kernel-tools-devel: before 5.10.0-221.0.0.124
kernel-devel: before 5.10.0-221.0.0.124
kernel-tools: before 5.10.0-221.0.0.124
kernel-debuginfo: before 5.10.0-221.0.0.124
kernel: before 5.10.0-221.0.0.124
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1942
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
