openEuler 22.03 LTS SP1 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 33 |
| CVE-ID | CVE-2021-47582 CVE-2022-48827 CVE-2023-52888 CVE-2024-39509 CVE-2024-40942 CVE-2024-40990 CVE-2024-41012 CVE-2024-41034 CVE-2024-41035 CVE-2024-41042 CVE-2024-41046 CVE-2024-41065 CVE-2024-41078 CVE-2024-41092 CVE-2024-42087 CVE-2024-42095 CVE-2024-42096 CVE-2024-42098 CVE-2024-42102 CVE-2024-42105 CVE-2024-42114 CVE-2024-42128 CVE-2024-42143 CVE-2024-42148 CVE-2024-42154 CVE-2024-42156 CVE-2024-42157 CVE-2024-42223 CVE-2024-42225 CVE-2024-42229 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 |
| CWE-ID | CWE-399 CWE-119 CWE-401 CWE-20 CWE-416 CWE-388 CWE-415 CWE-667 CWE-190 CWE-125 CWE-908 CWE-835 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 33 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93277
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU94479
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU95057
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52888
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the h264_enc_free_work_buf() function in drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c, within the vdec_av1_slice_free_working_buffer() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU94310
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39509
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU94207
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40942
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU94325
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper error handling
EUVDB-ID: #VU95020
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41034
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU95109
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU95003
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Double free
EUVDB-ID: #VU95010
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41046
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU94926
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41065
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU94929
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU94938
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41092
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU95066
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42087
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ili9881c_prepare() and ili9881c_unprepare() functions in drivers/gpu/drm/panel/panel-ilitek-ili9881c.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU95101
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42095
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU94987
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42096
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU95100
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42098
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Integer overflow
EUVDB-ID: #VU95034
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU94936
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42105
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU94986
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42114
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU95058
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42128
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the an30259a_probe() function in drivers/leds/leds-an30259a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU94951
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42143
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_statfs() function in fs/orangefs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU94952
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42148
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU95091
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU95090
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Integer overflow
EUVDB-ID: #VU95037
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42223
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use of uninitialized resource
EUVDB-ID: #VU95028
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42225
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU95078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Input validation error
EUVDB-ID: #VU95510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Infinite loop
EUVDB-ID: #VU95515
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Resource management error
EUVDB-ID: #VU95518
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42247
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.89.0.170
python3-perf: before 5.10.0-136.89.0.170
perf-debuginfo: before 5.10.0-136.89.0.170
perf: before 5.10.0-136.89.0.170
kernel-tools-devel: before 5.10.0-136.89.0.170
kernel-tools-debuginfo: before 5.10.0-136.89.0.170
kernel-tools: before 5.10.0-136.89.0.170
kernel-source: before 5.10.0-136.89.0.170
kernel-headers: before 5.10.0-136.89.0.170
kernel-devel: before 5.10.0-136.89.0.170
kernel-debugsource: before 5.10.0-136.89.0.170
kernel-debuginfo: before 5.10.0-136.89.0.170
kernel: before 5.10.0-136.89.0.170
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
