openEuler 22.03 LTS SP3 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 32 |
| CVE-ID | CVE-2022-48828 CVE-2023-52691 CVE-2024-36270 CVE-2024-36915 CVE-2024-39501 CVE-2024-40978 CVE-2024-41017 CVE-2024-41098 CVE-2024-42104 CVE-2024-42119 CVE-2024-42292 CVE-2024-43846 CVE-2024-43863 CVE-2024-44939 CVE-2024-44965 CVE-2024-44995 CVE-2024-44999 CVE-2024-45003 CVE-2024-45025 CVE-2024-45028 CVE-2024-46714 CVE-2024-46723 CVE-2024-46731 CVE-2024-46733 CVE-2024-46742 CVE-2024-46744 CVE-2024-46745 CVE-2024-46747 CVE-2024-46751 CVE-2024-46752 CVE-2024-46787 CVE-2024-46800 |
| CWE-ID | CWE-191 CWE-415 CWE-476 CWE-125 CWE-667 CWE-399 CWE-20 CWE-416 CWE-388 CWE-119 CWE-908 CWE-682 CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 32 vulnerabilities.
1) Integer underflow
EUVDB-ID: #VU94466
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Double free
EUVDB-ID: #VU90921
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52691
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU90268
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36915
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU94299
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU94843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU94970
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU94937
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42104
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper error handling
EUVDB-ID: #VU95015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU96114
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42292
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU96186
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43846
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU96297
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43863
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU96551
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44939
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dtInsert() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU96878
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU96855
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU96843
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Incorrect calculation
EUVDB-ID: #VU97193
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45025
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU97173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper error handling
EUVDB-ID: #VU97548
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU97509
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU97512
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU97490
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46733
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU97527
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46742
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the parse_durable_handle_context() and smb2_open() functions in fs/smb/server/smb2pdu.c, within the create_lease_buf() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU97540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU97493
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU97504
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46747
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Incorrect calculation
EUVDB-ID: #VU97561
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46751
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper error handling
EUVDB-ID: #VU97543
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46752
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU97536
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU97501
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-230.0.0.132
python3-perf: before 5.10.0-230.0.0.132
perf-debuginfo: before 5.10.0-230.0.0.132
perf: before 5.10.0-230.0.0.132
kernel-tools-devel: before 5.10.0-230.0.0.132
kernel-tools-debuginfo: before 5.10.0-230.0.0.132
kernel-tools: before 5.10.0-230.0.0.132
kernel-source: before 5.10.0-230.0.0.132
kernel-headers: before 5.10.0-230.0.0.132
kernel-devel: before 5.10.0-230.0.0.132
kernel-debugsource: before 5.10.0-230.0.0.132
kernel-debuginfo: before 5.10.0-230.0.0.132
kernel: before 5.10.0-230.0.0.132
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
