openEuler 24.03 LTS update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 69 |
| CVE-ID | CVE-2024-42067 CVE-2024-42312 CVE-2024-44949 CVE-2024-44958 CVE-2024-45009 CVE-2024-45011 CVE-2024-45016 CVE-2024-45028 CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46679 CVE-2024-46681 CVE-2024-46686 CVE-2024-46695 CVE-2024-46701 CVE-2024-46717 CVE-2024-46721 CVE-2024-46722 CVE-2024-46725 CVE-2024-46728 CVE-2024-46732 CVE-2024-46734 CVE-2024-46736 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46750 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46760 CVE-2024-46761 CVE-2024-46767 CVE-2024-46768 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46776 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46784 CVE-2024-46787 CVE-2024-46788 CVE-2024-46791 CVE-2024-46796 CVE-2024-46797 CVE-2024-46798 CVE-2024-46804 CVE-2024-46806 CVE-2024-46811 CVE-2024-46812 CVE-2024-46814 CVE-2024-46816 CVE-2024-46818 CVE-2024-46827 CVE-2024-46829 CVE-2024-46841 CVE-2024-46842 CVE-2024-46843 CVE-2024-46844 CVE-2024-46845 CVE-2024-46846 CVE-2024-46849 CVE-2024-46852 CVE-2024-46857 |
| CWE-ID | CWE-682 CWE-20 CWE-96 CWE-399 CWE-416 CWE-476 CWE-667 CWE-835 CWE-125 CWE-119 CWE-369 CWE-388 CWE-191 CWE-401 CWE-190 CWE-617 CWE-193 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 69 vulnerabilities.
1) Incorrect calculation
EUVDB-ID: #VU95077
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42067
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper neutralization of directives in statically saved code (\'static code injection\')
EUVDB-ID: #VU96884
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44949
CWE-ID:
CWE-96 - Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that 2 unrelated 16-byte allocations share a cache line. If 1 of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that is the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU96880
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU97191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45009
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU97195
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU97169
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU97173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU97180
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45029
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU97252
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Infinite loop
EUVDB-ID: #VU97278
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46681
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU97260
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU97268
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46695
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Infinite loop
EUVDB-ID: #VU97277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46701
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the simple_offset_destroy(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU97571
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46717
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU97532
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU97511
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46725
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU97558
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46728
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Division by zero
EUVDB-ID: #VU97555
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46732
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU97537
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46734
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the skip_inode_logging() and btrfs_sync_file() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU97570
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46736
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb2_rename_path() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU97529
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU97491
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU97528
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU97492
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46740
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU97539
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper error handling
EUVDB-ID: #VU97544
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46753
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU97525
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46755
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Integer underflow
EUVDB-ID: #VU97551
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46756
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Integer underflow
EUVDB-ID: #VU97553
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46758
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU97524
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46760
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw_usb_init_rx() and rtw_usb_probe() functions in drivers/net/wireless/realtek/rtw88/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU97513
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46761
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Incorrect calculation
EUVDB-ID: #VU97562
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46767
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the of_phy_leds() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper error handling
EUVDB-ID: #VU97545
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46768
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the hp_wmi_notify() function in drivers/hwmon/hp-wmi-sensors.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Memory leak
EUVDB-ID: #VU97485
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46771
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU97567
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46772
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Input validation error
EUVDB-ID: #VU97565
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46773
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU97569
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46776
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the construct_phy() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Integer overflow
EUVDB-ID: #VU97550
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46777
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Buffer overflow
EUVDB-ID: #VU97564
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46780
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU97495
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46781
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper error handling
EUVDB-ID: #VU97547
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU97536
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU97517
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46788
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the osnoise_migration_pending(), stop_kthread(), start_kthread() and start_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper locking
EUVDB-ID: #VU97535
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use-after-free
EUVDB-ID: #VU97499
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_set_path_size() function in fs/smb/client/smb2inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU97515
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46797
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU97500
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Resource management error
EUVDB-ID: #VU97827
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46804
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Resource management error
EUVDB-ID: #VU97828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46806
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aqua_vanjaram_switch_partition_mode() function in drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Reachable assertion
EUVDB-ID: #VU97812
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46811
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, within the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, within the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, within the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU97845
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46812
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Input validation error
EUVDB-ID: #VU97844
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46814
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource management error
EUVDB-ID: #VU97829
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Input validation error
EUVDB-ID: #VU97842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Input validation error
EUVDB-ID: #VU97811
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46827
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_station_assoc() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper locking
EUVDB-ID: #VU97803
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46829
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper error handling
EUVDB-ID: #VU97814
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46841
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU97779
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46842
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU97832
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46843
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_remove(), ufshcd_init() and blk_mq_free_tag_set() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Incorrect calculation
EUVDB-ID: #VU97833
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU97780
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46845
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the this_cpu_tmr_var() and timerlat_fd_release() functions in kernel/trace/trace_osnoise.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper error handling
EUVDB-ID: #VU97815
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46846
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU97781
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Off-by-one
EUVDB-ID: #VU97818
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46852
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU97801
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46857
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-46.0.0.51
python3-perf: before 6.6.0-46.0.0.51
perf-debuginfo: before 6.6.0-46.0.0.51
perf: before 6.6.0-46.0.0.51
kernel-tools-devel: before 6.6.0-46.0.0.51
kernel-tools-debuginfo: before 6.6.0-46.0.0.51
kernel-tools: before 6.6.0-46.0.0.51
kernel-source: before 6.6.0-46.0.0.51
kernel-headers: before 6.6.0-46.0.0.51
kernel-devel: before 6.6.0-46.0.0.51
kernel-debugsource: before 6.6.0-46.0.0.51
kernel-debuginfo: before 6.6.0-46.0.0.51
bpftool-debuginfo: before 6.6.0-46.0.0.51
bpftool: before 6.6.0-46.0.0.51
kernel: before 6.6.0-46.0.0.51
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
