openEuler 22.03 LTS SP1 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 47 |
| CVE-ID | CVE-2022-48688 CVE-2022-48848 CVE-2022-48869 CVE-2022-48879 CVE-2022-48893 CVE-2022-48945 CVE-2023-0597 CVE-2023-4134 CVE-2023-52463 CVE-2023-52707 CVE-2023-52741 CVE-2023-52880 CVE-2024-36031 CVE-2024-40998 CVE-2024-42067 CVE-2024-42283 CVE-2024-42290 CVE-2024-42309 CVE-2024-42313 CVE-2024-42322 CVE-2024-43823 CVE-2024-43830 CVE-2024-43855 CVE-2024-43892 CVE-2024-43893 CVE-2024-44940 CVE-2024-44998 CVE-2024-45006 CVE-2024-45026 CVE-2024-46676 CVE-2024-46719 CVE-2024-46754 CVE-2024-46770 CVE-2024-46795 CVE-2024-46819 CVE-2024-46828 CVE-2024-46840 CVE-2024-46848 CVE-2024-46854 CVE-2024-46855 CVE-2024-46858 CVE-2024-47658 CVE-2024-47664 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2015-3290 |
| CWE-ID | CWE-476 CWE-399 CWE-416 CWE-401 CWE-119 CWE-264 CWE-20 CWE-667 CWE-682 CWE-415 CWE-362 CWE-369 CWE-125 CWE-835 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #47 is available. |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 47 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90515
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_notify_client_of_netdev_close() and i40e_client_subtask() functions in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU94483
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48848
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_workload_stop() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU96328
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48869
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gadgetfs_init_fs_context() function in drivers/usb/gadget/legacy/inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU96355
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU96320
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_engines_init() function in drivers/gpu/drm/i915/gt/intel_engine_cs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU97681
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48945
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU73765
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0597
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU80798
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4134
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cyttsp4_watchdog_work() in cyttsp4_core driver. A local user can trigger memory corruption and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90660
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90064
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52707
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the psi_trigger_destroy() function in kernel/sched/psi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90065
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52741
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uncached_fill_pages() and readpages_fill_pages() functions in fs/cifs/file.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU94121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU94266
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Incorrect calculation
EUVDB-ID: #VU95077
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42067
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU96195
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42283
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Resource management error
EUVDB-ID: #VU96181
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42290
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU96135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU96109
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42313
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU96189
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42322
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU96127
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43823
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ks_pcie_setup_rc_app_regs() and ks_pcie_host_init() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Double free
EUVDB-ID: #VU96162
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43830
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU96147
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43855
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Race condition
EUVDB-ID: #VU96546
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43892
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Resource management error
EUVDB-ID: #VU96553
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44940
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU96842
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU96852
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Buffer overflow
EUVDB-ID: #VU97188
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45026
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Division by zero
EUVDB-ID: #VU97276
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46676
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU97534
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46719
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU97566
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU97520
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46770
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU97516
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46795
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU97797
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU97786
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46828
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper locking
EUVDB-ID: #VU97808
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46840
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Infinite loop
EUVDB-ID: #VU97820
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46848
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Memory leak
EUVDB-ID: #VU97776
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Memory leak
EUVDB-ID: #VU97777
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46855
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU97783
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU98369
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47658
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Division by zero
EUVDB-ID: #VU98373
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47664
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU98365
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47670
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Memory leak
EUVDB-ID: #VU98377
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47671
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU98368
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Security restrictions bypass
EUVDB-ID: #VU92492
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-3290
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to security restrictions bypass within the entry() function in arch/x86/entry/entry_64.s. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.97.0.178
python3-perf: before 5.10.0-136.97.0.178
perf-debuginfo: before 5.10.0-136.97.0.178
perf: before 5.10.0-136.97.0.178
kernel-tools-devel: before 5.10.0-136.97.0.178
kernel-tools-debuginfo: before 5.10.0-136.97.0.178
kernel-tools: before 5.10.0-136.97.0.178
kernel-source: before 5.10.0-136.97.0.178
kernel-headers: before 5.10.0-136.97.0.178
kernel-devel: before 5.10.0-136.97.0.178
kernel-debugsource: before 5.10.0-136.97.0.178
kernel-debuginfo: before 5.10.0-136.97.0.178
kernel: before 5.10.0-136.97.0.178
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
