Risk | Low |
Patch available | YES |
Number of vulnerabilities | 78 |
CVE-ID | CVE-2024-33619 CVE-2024-35247 CVE-2024-35848 CVE-2024-35859 CVE-2024-35966 CVE-2024-36890 CVE-2024-36896 CVE-2024-36899 CVE-2024-36901 CVE-2024-36944 CVE-2024-36964 CVE-2024-38556 CVE-2024-38576 CVE-2024-38600 CVE-2024-38606 CVE-2024-38607 CVE-2024-38617 CVE-2024-39471 CVE-2024-39473 CVE-2024-39475 CVE-2024-39481 CVE-2024-39486 CVE-2024-39493 CVE-2024-39496 CVE-2024-39503 CVE-2024-40900 CVE-2024-40906 CVE-2024-40908 CVE-2024-40913 CVE-2024-40920 CVE-2024-40921 CVE-2024-40922 CVE-2024-40935 CVE-2024-40953 CVE-2024-40962 CVE-2024-40967 CVE-2024-40981 CVE-2024-41006 CVE-2024-41010 CVE-2024-41013 CVE-2024-41014 CVE-2024-41018 CVE-2024-41019 CVE-2024-41020 CVE-2024-41021 CVE-2024-41023 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41045 CVE-2024-41048 CVE-2024-41049 CVE-2024-41056 CVE-2024-41062 CVE-2024-41063 CVE-2024-41064 CVE-2024-41069 CVE-2024-41072 CVE-2024-41073 CVE-2024-41074 CVE-2024-41075 CVE-2024-41076 CVE-2024-41077 CVE-2024-41080 CVE-2024-41085 CVE-2024-41090 CVE-2024-41091 CVE-2024-41096 CVE-2024-42068 CVE-2024-42086 CVE-2024-42097 CVE-2024-42115 CVE-2024-42126 CVE-2024-42129 CVE-2024-42155 CVE-2024-42162 CVE-2024-42228 |
CWE-ID | CWE-908 CWE-476 CWE-119 CWE-401 CWE-125 CWE-399 CWE-416 CWE-667 CWE-269 CWE-369 CWE-20 CWE-388 CWE-415 CWE-682 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 78 vulnerabilities.
EUVDB-ID: #VU93041
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the efi_free() function in drivers/firmware/efi/libstub/fdt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93122
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35247
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35848
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91641
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35859
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bdev_open_by_dev() function in block/bdev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90306
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93391
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36890
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within include/linux/slab.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36896
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90048
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91224
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91502
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36944
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qxl_fence_wait() function in drivers/gpu/drm/qxl/qxl_release.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
Description
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92329
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38556
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cmd_work_handler(), wait_func() and mlx5_cmd_invoke() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92377
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38576
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within kernel/rcu/tree_stall.h. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92360
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38600
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93402
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38606
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_tl_data() and adf_tl_run() functions in drivers/crypto/intel/qat/qat_common/adf_telemetry.c, within the adf_gen4_init_tl_data() function in drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93181
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38607
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93802
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38617
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_ALLOC_SIZE_TEST_PAIR() function in lib/fortify_kunit.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39471
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93822
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39473
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc4_get_input_pin_audio_fmt() function in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93831
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39481
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the media_pipeline_explore_next_link() function in drivers/media/mc/mc-entity.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93834
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39486
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_file_update_pid() function in drivers/gpu/drm/drm_file.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94086
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39493
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94231
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39496
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_load_zone_info() function in fs/btrfs/zoned.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94230
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39503
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, and within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94226
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_flush_reqs() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94202
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40906
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mlx5_function_teardown() function in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94316
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40908
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __bpf_prog_test_run_raw_tp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94214
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40913
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_req_put(), cachefiles_ondemand_restore(), cachefiles_ondemand_get_fd() and cachefiles_ondemand_daemon_read() functions in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94221
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40920
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_set_state() function in net/bridge/br_mst.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94253
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the br_mst_get_state(), br_mst_set_state() and br_mst_vlan_sync_state() functions in net/bridge/br_mst.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94279
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40922
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_rsrc_ref_quiesce() function in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94219
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40935
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_daemon_open() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94236
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40953
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94243
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40962
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94274
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40981
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94213
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41006
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94507
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41010
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ingress_init(), ingress_destroy(), clsact_init() and clsact_destroy() functions in net/sched/sch_ingress.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94835
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41013
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __xfs_dir3_data_check() function in fs/xfs/libxfs/xfs_dir2_data.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41018
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the log_replay() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94839
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41019
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95023
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41021
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_fault_error_nolock() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94924
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41023
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95042
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41039
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the cs_dsp_adsp1_parse_sizes(), cs_dsp_adsp2_parse_sizes(), cs_dsp_load() and cs_dsp_buf_free() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94949
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41040
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/sched/act_ct.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95069
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41041
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95108
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94948
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41045
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_timer_delete_work(), __bpf_async_init() and __bpf_spin_unlock_irqrestore() functions in kernel/bpf/helpers.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94982
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94947
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41049
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95107
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41056
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cs_dsp_coeff_parse_alg() and cs_dsp_coeff_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94977
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94992
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94943
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links: http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95106
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95011
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41074
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_ondemand_copen() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95004
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cachefiles_ondemand_fd_llseek(), cachefiles_ondemand_fd_ioctl() and cachefiles_ondemand_copen() functions in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94928
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94976
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41077
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94990
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41080
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94972
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41085
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cxl_mem_probe() function in drivers/cxl/mem.c, within the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c, and within the match_nvdimm_bridge() and cxlmd_release_nvdimm() functions in drivers/cxl/core/pmem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94840
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94941
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41096
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95076
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42068
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c and within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95041
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42086
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95001
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42097
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94932
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94997
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95059
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42129
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42155
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95074
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42162
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-37.0.0.44
python3-perf: before 6.6.0-37.0.0.44
perf-debuginfo: before 6.6.0-37.0.0.44
perf: before 6.6.0-37.0.0.44
kernel-tools-devel: before 6.6.0-37.0.0.44
kernel-tools-debuginfo: before 6.6.0-37.0.0.44
kernel-tools: before 6.6.0-37.0.0.44
kernel-source: before 6.6.0-37.0.0.44
kernel-headers: before 6.6.0-37.0.0.44
kernel-devel: before 6.6.0-37.0.0.44
kernel-debugsource: before 6.6.0-37.0.0.44
kernel-debuginfo: before 6.6.0-37.0.0.44
bpftool-debuginfo: before 6.6.0-37.0.0.44
bpftool: before 6.6.0-37.0.0.44
kernel: before 6.6.0-37.0.0.44
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.