openEuler 24.03 LTS update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 134 |
| CVE-ID | CVE-2024-33621 CVE-2024-33847 CVE-2024-34777 CVE-2024-36270 CVE-2024-36281 CVE-2024-36286 CVE-2024-36484 CVE-2024-36908 CVE-2024-36914 CVE-2024-36933 CVE-2024-36938 CVE-2024-36947 CVE-2024-36959 CVE-2024-38390 CVE-2024-38539 CVE-2024-38543 CVE-2024-38544 CVE-2024-38546 CVE-2024-38550 CVE-2024-38557 CVE-2024-38560 CVE-2024-38561 CVE-2024-38565 CVE-2024-38566 CVE-2024-38580 CVE-2024-38593 CVE-2024-38597 CVE-2024-38611 CVE-2024-38613 CVE-2024-38616 CVE-2024-38627 CVE-2024-38635 CVE-2024-39276 CVE-2024-39298 CVE-2024-39476 CVE-2024-39490 CVE-2024-39491 CVE-2024-39501 CVE-2024-39504 CVE-2024-40901 CVE-2024-40910 CVE-2024-40911 CVE-2024-40914 CVE-2024-40919 CVE-2024-40925 CVE-2024-40928 CVE-2024-40938 CVE-2024-40939 CVE-2024-40940 CVE-2024-40944 CVE-2024-40945 CVE-2024-40948 CVE-2024-40950 CVE-2024-40955 CVE-2024-40966 CVE-2024-40969 CVE-2024-40970 CVE-2024-40988 CVE-2024-40992 CVE-2024-40994 CVE-2024-40996 CVE-2024-41015 CVE-2024-41025 CVE-2024-41028 CVE-2024-41030 CVE-2024-41031 CVE-2024-41036 CVE-2024-41038 CVE-2024-41047 CVE-2024-41050 CVE-2024-41051 CVE-2024-41053 CVE-2024-41054 CVE-2024-41058 CVE-2024-41059 CVE-2024-41060 CVE-2024-41066 CVE-2024-41068 CVE-2024-41084 CVE-2024-41087 CVE-2024-41088 CVE-2024-41092 CVE-2024-41093 CVE-2024-41094 CVE-2024-42063 CVE-2024-42069 CVE-2024-42070 CVE-2024-42073 CVE-2024-42074 CVE-2024-42079 CVE-2024-42085 CVE-2024-42100 CVE-2024-42103 CVE-2024-42109 CVE-2024-42113 CVE-2024-42120 CVE-2024-42121 CVE-2024-42130 CVE-2024-42132 CVE-2024-42133 CVE-2024-42135 CVE-2024-42136 CVE-2024-42138 CVE-2024-42140 CVE-2024-42142 CVE-2024-42144 CVE-2024-42156 CVE-2024-42160 CVE-2024-42161 CVE-2024-42224 CVE-2024-42225 CVE-2024-42230 CVE-2024-42265 CVE-2024-42267 CVE-2024-42268 CVE-2024-42269 CVE-2024-42270 CVE-2024-42273 CVE-2024-42274 CVE-2024-42284 CVE-2024-42285 CVE-2024-42302 CVE-2024-43819 CVE-2024-43824 CVE-2024-43853 CVE-2024-43861 CVE-2024-43863 CVE-2024-43864 CVE-2024-43866 CVE-2024-43868 CVE-2024-43869 CVE-2024-43882 CVE-2024-44938 CVE-2024-44941 |
| CWE-ID | CWE-399 CWE-617 CWE-20 CWE-476 CWE-401 CWE-667 CWE-125 CWE-908 CWE-200 CWE-119 CWE-416 CWE-665 CWE-415 CWE-388 CWE-190 CWE-835 CWE-682 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 134 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33621
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Reachable assertion
EUVDB-ID: #VU93128
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33847
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the f2fs_setattr() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU93172
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34777
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU93017
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36281
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Reachable assertion
EUVDB-ID: #VU93039
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU93278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36908
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iocg_pay_debt() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU90269
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36914
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU91614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the remove_device_files() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information disclosure
EUVDB-ID: #VU91321
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU93031
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38390
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the a6xx_gpu_init() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU92293
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38539
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cma_validate_port() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU92352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38543
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmirror_device_evict_chunk() function in lib/test_hmm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU92351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU92348
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38550
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kirkwood_dma_hw_params() function in sound/soc/kirkwood/kirkwood-dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU92368
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38557
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enable_mpesw() and mlx5_lag_add_devices() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c, within the mlx5_disable_lag() and mlx5_do_bond() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c, within the esw_offloads_cleanup(), mlx5_esw_offloads_rep_load(), esw_destroy_offloads_acl_tables() and mlx5_eswitch_reload_reps() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU92327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU92308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38561
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kunit_try_catch_run() function in lib/kunit/try-catch.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU93047
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38566
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the real_bind() function in tools/testing/selftests/bpf/progs/lsm_cgroup.c, within the BPF_PROG() function in tools/testing/selftests/bpf/progs/local_storage.c, within the SEC() function in tools/testing/selftests/bpf/progs/bench_local_storage_create.c, within the mark_btf_ld_reg(), check_map_kptr_access(), is_trusted_reg(), bpf_map_direct_read(), BTF_TYPE_SAFE_TRUSTED(), type_is_trusted() and check_ptr_to_btf_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper locking
EUVDB-ID: #VU92367
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38580
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper Initialization
EUVDB-ID: #VU92382
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38593
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the lan8841_suspend() function in drivers/net/phy/micrel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Memory leak
EUVDB-ID: #VU92298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38611
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU93620
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38616
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the carl9170_tx_release() function in drivers/net/wireless/ath/carl9170/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Double free
EUVDB-ID: #VU93040
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU93027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource management error
EUVDB-ID: #VU93339
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39298
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the me_huge_page() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU93824
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39476
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory leak
EUVDB-ID: #VU94085
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39490
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper error handling
EUVDB-ID: #VU94088
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39491
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cs35l56_hda_unbind(), cs35l56_hda_common_probe() and cs35l56_hda_remove() functions in sound/pci/hda/cs35l56_hda.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) NULL pointer dereference
EUVDB-ID: #VU94260
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39504
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nft_payload_inner_init() function in net/netfilter/nft_payload.c, within the nft_meta_inner_init() function in net/netfilter/nft_meta.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU94203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU94256
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper error handling
EUVDB-ID: #VU94291
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40914
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU94254
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __hwrm_send() function in drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper Initialization
EUVDB-ID: #VU94298
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40925
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the blk_flush_complete_seq() and flush_end_io() functions in block/blk-flush.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU94252
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40928
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ethtool_get_phy_stats_ethtool() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU94320
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the current_check_refer_path() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU94321
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40939
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipc_devlink_create_region() function in drivers/net/wwan/iosm/iosm_ipc_devlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Input validation error
EUVDB-ID: #VU94322
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40940
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_lag_create_port_sel_table() function in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU94317
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40944
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the machine_kexec_cleanup() and machine_kexec() functions in arch/x86/kernel/machine_kexec_64.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) NULL pointer dereference
EUVDB-ID: #VU94250
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40945
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Input validation error
EUVDB-ID: #VU94286
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the page_table_check_clear(), page_table_check_set() and __page_table_check_zero() functions in mm/page_table_check.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Resource management error
EUVDB-ID: #VU94305
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the split_huge_page_to_list_to_order() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU94237
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40955
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXT4_ATTR_FUNC(), ext4_attr_show() and ext4_attr_store() functions in fs/ext4/sysfs.c, within the mb_avg_fragment_size_order() and ext4_mb_choose_next_group_best_avail() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper locking
EUVDB-ID: #VU94273
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40969
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_handle_critical_error() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource management error
EUVDB-ID: #VU94300
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40970
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the axi_desc_alloc(), axi_desc_get() and axi_chan_block_xfer_complete() functions in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Resource management error
EUVDB-ID: #VU94308
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40988
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Buffer overflow
EUVDB-ID: #VU94302
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40992
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_resp_check_length() function in drivers/infiniband/sw/rxe/rxe_resp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Integer overflow
EUVDB-ID: #VU94294
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Buffer overflow
EUVDB-ID: #VU94303
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Memory leak
EUVDB-ID: #VU94925
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41025
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fastrpc_init_create_static_process() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Out-of-bounds read
EUVDB-ID: #VU94954
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41028
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/platform/x86/toshiba_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improper error handling
EUVDB-ID: #VU95021
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41030
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smb2_create_open_flags() and smb2_open() functions in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Resource management error
EUVDB-ID: #VU95070
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_sync_mmap_readahead() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU94995
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41036
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ks8851_tx_work() function in drivers/net/ethernet/micrel/ks8851_spi.c, within the ks8851_irq() and ks8851_set_rx_mode() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Buffer overflow
EUVDB-ID: #VU95048
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41038
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cs_dsp_coeff_parse_string(), cs_dsp_coeff_parse_int(), cs_dsp_coeff_parse_coeff() and cs_dsp_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper locking
EUVDB-ID: #VU94994
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU94993
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41050
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cachefiles_ondemand_send_req() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Use-after-free
EUVDB-ID: #VU94946
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_clean_object() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) NULL pointer dereference
EUVDB-ID: #VU94981
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41053
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_abort_one() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) NULL pointer dereference
EUVDB-ID: #VU94980
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41054
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ufshcd_mcq_sq_cleanup() functions in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Use-after-free
EUVDB-ID: #VU94944
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41058
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_withdraw_volumes() function in fs/cachefiles/cache.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU94978
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU94973
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41084
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __cxl_dpa_to_region() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Double free
EUVDB-ID: #VU95008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Improper locking
EUVDB-ID: #VU94989
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41088
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Use-after-free
EUVDB-ID: #VU94938
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41092
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Improper error handling
EUVDB-ID: #VU95019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41093
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Buffer overflow
EUVDB-ID: #VU95056
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41094
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drm_fbdev_dma_helper_fb_probe() function in drivers/gpu/drm/drm_fbdev_dma.c, within the drm_fb_helper_alloc_info() and __drm_fb_helper_initial_config_and_unlock() functions in drivers/gpu/drm/drm_fb_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Use of uninitialized resource
EUVDB-ID: #VU95030
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42063
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the PROG_NAME() and PROG_NAME_ARGS() functions in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Double free
EUVDB-ID: #VU95009
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42069
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the add_adev() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Memory leak
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU94940
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_sb_sr_occ_query_cb(), mlxsw_reg_sbsr_pack() and mlxsw_sp_sb_occ_max_clear() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU94969
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42074
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_acp_resume() function in sound/soc/amd/acp/acp-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU94968
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42079
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) NULL pointer dereference
EUVDB-ID: #VU94965
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42085
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_suspend_common() and dwc3_resume_common() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Infinite loop
EUVDB-ID: #VU95044
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42100
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the sunxi_ccu_probe() function in drivers/clk/sunxi-ng/ccu_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Improper error handling
EUVDB-ID: #VU95016
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42103
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the btrfs_reclaim_bgs_work() function in fs/btrfs/block-group.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU94934
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42109
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_rcv_nl_event() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use of uninitialized resource
EUVDB-ID: #VU95025
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42113
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the wx_set_interrupt_capability() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Input validation error
EUVDB-ID: #VU95099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Input validation error
EUVDB-ID: #VU95098
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42121
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Incorrect calculation
EUVDB-ID: #VU95075
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42130
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the virtual_ncidev_write() function in drivers/nfc/virtual_ncidev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Resource management error
EUVDB-ID: #VU95060
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42132
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hci_conn_hash_alloc_unset() and hci_conn_add_unset() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Input validation error
EUVDB-ID: #VU95096
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42133
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_le_big_sync_established_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Input validation error
EUVDB-ID: #VU95095
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42135
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhost_task_fn(), EXPORT_SYMBOL_GPL() and vhost_task_create() functions in kernel/vhost_task.c, within the __vhost_worker_flush(), vhost_vq_reset(), vhost_worker(), vhost_worker_create(), __vhost_vq_attach_worker() and vhost_free_worker() functions in drivers/vhost/vhost.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Integer overflow
EUVDB-ID: #VU95036
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42136
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the cdrom_ioctl_timed_media_change() function in drivers/cdrom/cdrom.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) NULL pointer dereference
EUVDB-ID: #VU94959
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42138
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfree() function in drivers/net/ethernet/mellanox/mlxsw/core_linecards.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Improper locking
EUVDB-ID: #VU94985
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42140
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the machine_kexec_mask_interrupts() function in arch/riscv/kernel/machine_kexec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Input validation error
EUVDB-ID: #VU95083
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the acl_ingress_ofld_setup(), esw_acl_ingress_src_port_drop_create(), esw_acl_ingress_ofld_groups_destroy() and esw_acl_ingress_ofld_setup() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) NULL pointer dereference
EUVDB-ID: #VU94958
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42144
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lvts_probe() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Input validation error
EUVDB-ID: #VU95091
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Input validation error
EUVDB-ID: #VU94999
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Use of uninitialized resource
EUVDB-ID: #VU95027
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42161
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Use of uninitialized resource
EUVDB-ID: #VU95028
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42225
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Resource management error
EUVDB-ID: #VU95062
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Input validation error
EUVDB-ID: #VU96204
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42267
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Improper locking
EUVDB-ID: #VU96159
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42268
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_fw_reset_set_live_patch() and mlx5_fw_reset_complete_reload() functions in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) NULL pointer dereference
EUVDB-ID: #VU96146
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42269
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6table_nat_init() function in net/ipv6/netfilter/ip6table_nat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU96145
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iptable_nat_init() function in net/ipv4/netfilter/iptable_nat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper error handling
EUVDB-ID: #VU96168
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42273
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __get_segment_type_6() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Improper locking
EUVDB-ID: #VU96158
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42274
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the update_pcm_pointers() and amdtp_domain_stream_pcm_pointer() functions in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Use-after-free
EUVDB-ID: #VU96108
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42302
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) NULL pointer dereference
EUVDB-ID: #VU96130
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) NULL pointer dereference
EUVDB-ID: #VU96126
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43824
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_core_init() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Improper locking
EUVDB-ID: #VU96297
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43863
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Memory leak
EUVDB-ID: #VU96289
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43864
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_tc_ct_entry_destroy_mod_hdr() function in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) NULL pointer dereference
EUVDB-ID: #VU96293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43866
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Input validation error
EUVDB-ID: #VU96306
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43868
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYM_CODE_END() function in arch/riscv/purgatory/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU96285
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43869
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Out-of-bounds read
EUVDB-ID: #VU96550
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44938
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Use-after-free
EUVDB-ID: #VU96549
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44941
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_read_inode() function in fs/f2fs/inode.c, within the sanity_check_extent_cache() and f2fs_init_read_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-39.0.0.47
python3-perf: before 6.6.0-39.0.0.47
perf-debuginfo: before 6.6.0-39.0.0.47
perf: before 6.6.0-39.0.0.47
kernel-tools-devel: before 6.6.0-39.0.0.47
kernel-tools-debuginfo: before 6.6.0-39.0.0.47
kernel-tools: before 6.6.0-39.0.0.47
kernel-source: before 6.6.0-39.0.0.47
kernel-headers: before 6.6.0-39.0.0.47
kernel-devel: before 6.6.0-39.0.0.47
kernel-debugsource: before 6.6.0-39.0.0.47
kernel-debuginfo: before 6.6.0-39.0.0.47
bpftool-debuginfo: before 6.6.0-39.0.0.47
bpftool: before 6.6.0-39.0.0.47
kernel: before 6.6.0-39.0.0.47
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
