openEuler 22.03 LTS SP4 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 47 |
| CVE-ID | CVE-2024-39482 CVE-2024-41030 CVE-2024-41095 CVE-2024-43900 CVE-2024-44958 CVE-2024-44982 CVE-2024-45008 CVE-2024-45016 CVE-2024-46673 CVE-2024-46674 CVE-2024-46679 CVE-2024-46681 CVE-2024-46695 CVE-2024-46707 CVE-2024-46721 CVE-2024-46725 CVE-2024-46726 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743 CVE-2024-46750 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46791 CVE-2024-46798 CVE-2024-46804 CVE-2024-46814 CVE-2024-46816 CVE-2024-46818 CVE-2024-46821 CVE-2024-46829 CVE-2024-46833 CVE-2024-46841 CVE-2024-46844 CVE-2024-46849 CVE-2024-46857 |
| CWE-ID | CWE-125 CWE-388 CWE-476 CWE-416 CWE-399 CWE-401 CWE-119 CWE-20 CWE-835 CWE-667 CWE-369 CWE-191 CWE-190 CWE-682 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 47 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU93821
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39482
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper error handling
EUVDB-ID: #VU95021
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41030
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smb2_create_open_flags() and smb2_open() functions in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU94966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU96880
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU96828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44982
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU96883
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45008
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU97169
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU97252
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Infinite loop
EUVDB-ID: #VU97278
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46681
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU97268
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46695
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU97256
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU97532
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU97511
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46725
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU97557
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46726
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Division by zero
EUVDB-ID: #VU97555
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46732
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU97529
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU97491
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU97528
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU97492
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46740
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper locking
EUVDB-ID: #VU97539
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper error handling
EUVDB-ID: #VU97544
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46753
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU97525
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46755
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Integer underflow
EUVDB-ID: #VU97551
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46756
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Integer underflow
EUVDB-ID: #VU97553
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46758
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Integer underflow
EUVDB-ID: #VU97554
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46759
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU97513
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46761
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU97485
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46771
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Integer overflow
EUVDB-ID: #VU97550
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46777
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Buffer overflow
EUVDB-ID: #VU97564
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46780
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU97495
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46781
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU97535
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU97500
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource management error
EUVDB-ID: #VU97827
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46804
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Input validation error
EUVDB-ID: #VU97844
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46814
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU97829
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Input validation error
EUVDB-ID: #VU97842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU97841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46821
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU97803
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46829
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU97788
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46833
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclge_query_reg_info_of_ssu() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_err.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper error handling
EUVDB-ID: #VU97814
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46841
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Incorrect calculation
EUVDB-ID: #VU97833
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU97781
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU97801
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46857
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-231.0.0.130
python3-perf: before 5.10.0-231.0.0.130
perf-debuginfo: before 5.10.0-231.0.0.130
perf: before 5.10.0-231.0.0.130
kernel-tools-devel: before 5.10.0-231.0.0.130
kernel-tools-debuginfo: before 5.10.0-231.0.0.130
kernel-tools: before 5.10.0-231.0.0.130
kernel-source: before 5.10.0-231.0.0.130
kernel-headers: before 5.10.0-231.0.0.130
kernel-devel: before 5.10.0-231.0.0.130
kernel-debugsource: before 5.10.0-231.0.0.130
kernel-debuginfo: before 5.10.0-231.0.0.130
bpftool-debuginfo: before 5.10.0-231.0.0.130
bpftool: before 5.10.0-231.0.0.130
kernel: before 5.10.0-231.0.0.130
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
