openEuler 22.03 LTS SP4 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 53 |
| CVE-ID | CVE-2022-48827 CVE-2023-52887 CVE-2024-38561 CVE-2024-38594 CVE-2024-38627 CVE-2024-39497 CVE-2024-40910 CVE-2024-40959 CVE-2024-40961 CVE-2024-40967 CVE-2024-40976 CVE-2024-40999 CVE-2024-41013 CVE-2024-41014 CVE-2024-41020 CVE-2024-41022 CVE-2024-41023 CVE-2024-41027 CVE-2024-41044 CVE-2024-41055 CVE-2024-41062 CVE-2024-41064 CVE-2024-41066 CVE-2024-41070 CVE-2024-41072 CVE-2024-41073 CVE-2024-41077 CVE-2024-41079 CVE-2024-41081 CVE-2024-41087 CVE-2024-41089 CVE-2024-41097 CVE-2024-42068 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42084 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42093 CVE-2024-42094 CVE-2024-42101 CVE-2024-42106 CVE-2024-42124 CVE-2024-42137 CVE-2024-42145 CVE-2024-42155 CVE-2024-42160 CVE-2024-42161 CVE-2024-42162 CVE-2024-42224 |
| CWE-ID | CWE-119 CWE-388 CWE-416 CWE-667 CWE-415 CWE-401 CWE-476 CWE-362 CWE-20 CWE-125 CWE-399 CWE-682 CWE-908 CWE-96 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 53 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU94479
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper error handling
EUVDB-ID: #VU95018
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52887
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the j1939_xtp_rx_rts_session_new() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU92308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38561
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kunit_try_catch_run() function in lib/kunit/try-catch.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU92363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38594
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tc_taprio_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c, within the stmmac_adjust_time() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Double free
EUVDB-ID: #VU93040
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU94313
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39497
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU94203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU94244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40961
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU94274
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Race condition
EUVDB-ID: #VU94297
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40976
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lima_sched_timedout_job() function in drivers/gpu/drm/lima/lima_sched.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU94287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40999
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU94835
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41013
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __xfs_dir3_data_check() function in fs/xfs/libxfs/xfs_dir2_data.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU94836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper error handling
EUVDB-ID: #VU95022
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41022
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU94924
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41023
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU95071
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41027
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the userfaultfd_api() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU94979
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41055
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU94977
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU94942
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU95106
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Double free
EUVDB-ID: #VU95011
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU94976
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41077
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Memory leak
EUVDB-ID: #VU94930
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41079
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Double free
EUVDB-ID: #VU95008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU94971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Resource management error
EUVDB-ID: #VU95067
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41097
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Incorrect calculation
EUVDB-ID: #VU95076
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42068
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use of uninitialized resource
EUVDB-ID: #VU95031
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42076
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Resource management error
EUVDB-ID: #VU95068
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Input validation error
EUVDB-ID: #VU95103
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42080
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rdma_restrack_init() and type2str() functions in drivers/infiniband/core/restrack.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU95055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper neutralization of directives in statically saved code (\'static code injection\')
EUVDB-ID: #VU95052
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42084
CWE-ID:
CWE-96 - Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) NULL pointer dereference
EUVDB-ID: #VU94964
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fsl_asoc_card_probe() function in sound/soc/fsl/fsl-asoc-card.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU94988
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42090
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU95000
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42092
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the davinci_gpio_probe() function in drivers/gpio/gpio-davinci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU95039
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Buffer overflow
EUVDB-ID: #VU95040
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42094
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU94963
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42101
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use of uninitialized resource
EUVDB-ID: #VU95024
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU95097
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU94931
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42137
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Input validation error
EUVDB-ID: #VU95092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42155
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU94999
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use of uninitialized resource
EUVDB-ID: #VU95027
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42161
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Incorrect calculation
EUVDB-ID: #VU95074
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42162
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-222.0.0.121
python3-perf: before 5.10.0-222.0.0.121
perf-debuginfo: before 5.10.0-222.0.0.121
perf: before 5.10.0-222.0.0.121
kernel-tools-devel: before 5.10.0-222.0.0.121
kernel-tools-debuginfo: before 5.10.0-222.0.0.121
kernel-tools: before 5.10.0-222.0.0.121
kernel-source: before 5.10.0-222.0.0.121
kernel-headers: before 5.10.0-222.0.0.121
kernel-devel: before 5.10.0-222.0.0.121
kernel-debugsource: before 5.10.0-222.0.0.121
kernel-debuginfo: before 5.10.0-222.0.0.121
bpftool-debuginfo: before 5.10.0-222.0.0.121
bpftool: before 5.10.0-222.0.0.121
kernel: before 5.10.0-222.0.0.121
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1961
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
