Risk: Low
Patch available: YES
Number of vulnerabilities: 23
CVE-ID: CVE-2024-27030, CVE-2024-27074, CVE-2024-27397, CVE-2024-35785, CVE-2024-35829, CVE-2024-36244, CVE-2024-36927, CVE-2024-38608, CVE-2024-38612, CVE-2024-39495, CVE-2024-40958, CVE-2024-42289, CVE-2024-42321, CVE-2024-43880, CVE-2024-44931, CVE-2024-44952, CVE-2024-44989, CVE-2024-44990, CVE-2024-46716, CVE-2024-46817, CVE-2024-46822, CVE-2024-46859, CVE-2024-47661
CWE-ID: CWE-362, CWE-401, CWE-667, CWE-388, CWE-399, CWE-908, CWE-476, CWE-416, CWE-20, CWE-125, CWE-119
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
openEuler (Operating systems & Components / Operating system)
python3-perf-debuginfo (Operating systems & Components / Operating system package or component)
python3-perf (Operating systems & Components / Operating system package or component)
perf-debuginfo (Operating systems & Components / Operating system package or component)
perf (Operating systems & Components / Operating system package or component)
kernel-tools-devel (Operating systems & Components / Operating system package or component)
kernel-tools-debuginfo (Operating systems & Components / Operating system package or component)
kernel-tools (Operating systems & Components / Operating system package or component)
kernel-source (Operating systems & Components / Operating system package or component)
kernel-headers (Operating systems & Components / Operating system package or component)
kernel-devel (Operating systems & Components / Operating system package or component)
kernel-debugsource (Operating systems & Components / Operating system package or component)
kernel-debuginfo (Operating systems & Components / Operating system package or component)
kernel (Operating systems & Components / Operating system package or component)
Vendor: openEuler
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
EUVDB-ID: #VU91473
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27030
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90453
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27074
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU92027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27397
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nft_rbtree_insert(), nft_rbtree_deactivate() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_get(), nft_pipapo_get(), nft_pipapo_insert(), pipapo_gc() and pipapo_deactivate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_key(), nft_rhash_cmp(), nft_rhash_lookup(), nft_rhash_get(), nft_rhash_update(), nft_rhash_insert() and nft_rhash_deactivate() functions in net/netfilter/nft_set_hash.c, and within the nft_trans_gc_catchall_sync() and nf_tables_valid_genid() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU90949
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35785
CWE-ID: CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the optee_register_device() function in drivers/tee/optee/device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU90446
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35829
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU93252
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36244
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU90863
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36927
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c and within the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU92341
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38608
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU92314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38612
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU94232
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39495
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU94215
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40958
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42289
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96183
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42321
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the __skb_flow_dissect() function in net/core/flow_dissector.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96305
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43880
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c and within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96512
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44931
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96857
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44952
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c and within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96847
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44989
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU96848
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44990
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU97572
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46716
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
EUVDB-ID: #VU97830
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97798
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97791
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98371
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47661
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c and within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-233.0.0.135
python3-perf: before 5.10.0-233.0.0.135
perf-debuginfo: before 5.10.0-233.0.0.135
perf: before 5.10.0-233.0.0.135
kernel-tools-devel: before 5.10.0-233.0.0.135
kernel-tools-debuginfo: before 5.10.0-233.0.0.135
kernel-tools: before 5.10.0-233.0.0.135
kernel-source: before 5.10.0-233.0.0.135
kernel-headers: before 5.10.0-233.0.0.135
kernel-devel: before 5.10.0-233.0.0.135
kernel-debugsource: before 5.10.0-233.0.0.135
kernel-debuginfo: before 5.10.0-233.0.0.135
kernel: before 5.10.0-233.0.0.135
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2293
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.