openEuler 22.03 LTS SP1 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 54 |
| CVE-ID | CVE-2021-47292 CVE-2021-47504 CVE-2021-47556 CVE-2022-48634 CVE-2022-48639 CVE-2022-48642 CVE-2022-48643 CVE-2022-48644 CVE-2022-48647 CVE-2022-48648 CVE-2022-48656 CVE-2022-48663 CVE-2022-48671 CVE-2022-48672 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48691 CVE-2022-48873 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899 CVE-2022-48920 CVE-2022-48935 CVE-2023-52893 CVE-2023-52898 CVE-2023-52901 CVE-2023-52903 CVE-2024-22386 CVE-2024-36946 CVE-2024-38613 CVE-2024-39490 CVE-2024-41002 CVE-2024-41068 CVE-2024-42120 CVE-2024-42122 CVE-2024-42265 CVE-2024-42271 CVE-2024-42280 CVE-2024-42281 CVE-2024-42284 CVE-2024-42285 CVE-2024-42297 CVE-2024-42305 CVE-2024-42308 CVE-2024-43819 CVE-2024-43828 CVE-2024-43831 CVE-2024-43853 CVE-2024-43860 CVE-2024-43861 CVE-2024-43866 CVE-2024-43879 CVE-2024-43882 |
| CWE-ID | CWE-401 CWE-399 CWE-476 CWE-667 CWE-200 CWE-191 CWE-193 CWE-416 CWE-125 CWE-362 CWE-119 CWE-20 CWE-388 CWE-908 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 54 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU89954
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47292
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the io_init_wq_offload() function in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU93837
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47504
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the io_uring_drop_tctx_refs() and io_uring_cancel_generic() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU90530
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47556
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ethtool_set_coalesce() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU91451
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gma_crtc_page_flip() function in drivers/gpu/drm/gma500/gma_display.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU91361
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48639
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the net/sched/cls_api.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU89996
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48642
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer underflow
EUVDB-ID: #VU91670
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48643
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU91452
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the taprio_enable_offload() and taprio_disable_offload() functions in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90564
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48647
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efx_probe_interrupts() function in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90566
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48648
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efx_hard_start_xmit() function in drivers/net/ethernet/sfc/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU91362
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48656
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the of_xudma_dev_get() function in drivers/dma/ti/k3-udma-private.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90567
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpio_mockup_init() function in drivers/gpio/gpio-mockup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU90763
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48671
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cgroup_attach_task_all() function in kernel/cgroup/cgroup-v1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Off-by-one
EUVDB-ID: #VU91174
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48672
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an off-by-one error within the unflatten_dt_nodes() function in drivers/of/fdt.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU90762
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48675
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mmput_async() function in kernel/fork.c, within the mutex_unlock() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU90175
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU90314
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory leak
EUVDB-ID: #VU89990
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48691
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_basechain_init() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU96330
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48873
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_free_map(), fastrpc_buf_free() and fastrpc_device_release() functions in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU96321
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48896
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii() functions in drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU96360
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48898
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dp_aux_isr() function in drivers/gpu/drm/msm/dp/dp_aux.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU96334
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU96437
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48920
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU96409
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48935
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nft_release_table() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU96349
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU96346
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_free_dev() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU96343
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_kill_endpoint_urbs() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU96361
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52903
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_iopoll_complete() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Concurrent execution using shared resource with improper synchronization ('race condition')
EUVDB-ID: #VU92718
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22386
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory leak
EUVDB-ID: #VU94085
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39490
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Memory leak
EUVDB-ID: #VU94212
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41002
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU95099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU94961
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42122
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c, within the dcn321_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c, within the dcn32_hpo_dp_link_encoder_create() and dml1_validate() functions in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn314_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn31_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c, within the dcn30_validate_bandwidth() function in drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c, within the dcn32_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c, within the dcn3_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper error handling
EUVDB-ID: #VU96165
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42297
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU96136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42308
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_plane_get_status() function in drivers/gpu/drm/amd/display/dc/core/dc_surface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU96130
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use of uninitialized resource
EUVDB-ID: #VU96169
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43828
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU96196
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU96118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43860
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU96293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43866
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.91.0.172
python3-perf: before 5.10.0-136.91.0.172
perf-debuginfo: before 5.10.0-136.91.0.172
perf: before 5.10.0-136.91.0.172
kernel-tools-devel: before 5.10.0-136.91.0.172
kernel-tools-debuginfo: before 5.10.0-136.91.0.172
kernel-tools: before 5.10.0-136.91.0.172
kernel-source: before 5.10.0-136.91.0.172
kernel-headers: before 5.10.0-136.91.0.172
kernel-devel: before 5.10.0-136.91.0.172
kernel-debugsource: before 5.10.0-136.91.0.172
kernel-debuginfo: before 5.10.0-136.91.0.172
kernel: before 5.10.0-136.91.0.172
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
