openEuler 22.03 LTS SP1 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 74 |
| CVE-ID | CVE-2022-48916 CVE-2022-48946 CVE-2022-48952 CVE-2022-48967 CVE-2022-48973 CVE-2022-48977 CVE-2022-48986 CVE-2022-48988 CVE-2022-48991 CVE-2022-48994 CVE-2022-49006 CVE-2022-49007 CVE-2022-49019 CVE-2022-49029 CVE-2022-49030 CVE-2022-49033 CVE-2023-52754 CVE-2023-52855 CVE-2023-52917 CVE-2023-52918 CVE-2023-52919 CVE-2024-26917 CVE-2024-35878 CVE-2024-35990 CVE-2024-36286 CVE-2024-38635 CVE-2024-38667 CVE-2024-41015 CVE-2024-42152 CVE-2024-42301 CVE-2024-43841 CVE-2024-43858 CVE-2024-43867 CVE-2024-43871 CVE-2024-43894 CVE-2024-46675 CVE-2024-46689 CVE-2024-46722 CVE-2024-46724 CVE-2024-46757 CVE-2024-46802 CVE-2024-46830 CVE-2024-46853 CVE-2024-47667 CVE-2024-47669 CVE-2024-47684 CVE-2024-47685 CVE-2024-47695 CVE-2024-47698 CVE-2024-47709 CVE-2024-47710 CVE-2024-47720 CVE-2024-47737 CVE-2024-47757 CVE-2024-49866 CVE-2024-49867 CVE-2024-49868 CVE-2024-49875 CVE-2024-49894 CVE-2024-49895 CVE-2024-49900 CVE-2024-49902 CVE-2024-49903 CVE-2024-49911 CVE-2024-49927 CVE-2024-49959 CVE-2024-49966 CVE-2024-49969 CVE-2024-49974 CVE-2024-49985 CVE-2024-50007 CVE-2024-50025 CVE-2024-50036 CVE-2024-50049 |
| CWE-ID | CWE-667 CWE-119 CWE-399 CWE-20 CWE-388 CWE-835 CWE-190 CWE-476 CWE-125 CWE-401 CWE-191 CWE-416 CWE-908 CWE-682 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 74 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU96436
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dmar_insert_one_dev_info() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU99094
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU99158
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48952
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt7621_pcie_register_host() function in drivers/staging/mt7621-pci/pci-mt7621.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU99211
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper error handling
EUVDB-ID: #VU99065
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48973
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU99217
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48977
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_rcv() and canfd_rcv() functions in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU99144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48986
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gup_pud_range() function in mm/gup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU99197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48988
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU99215
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48991
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU99195
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48994
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Infinite loop
EUVDB-ID: #VU99119
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49006
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU99036
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49007
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Infinite loop
EUVDB-ID: #VU99120
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49019
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nixge_hw_dma_bd_release() function in drivers/net/ethernet/ni/nixge.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU99161
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Integer overflow
EUVDB-ID: #VU99089
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49030
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ring_buffer__add() function in tools/lib/bpf/ringbuf.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU99009
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49033
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_qgroup_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU90854
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU90435
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU98973
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU99254
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU99255
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU90778
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26917
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90508
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper locking
EUVDB-ID: #VU91513
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35990
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xilinx_dpdma_chan_vsync_irq(), xilinx_dpdma_issue_pending() and xilinx_dpdma_chan_err_task() functions in drivers/dma/xilinx/xilinx_dpdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU93027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU93168
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38667
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cpu_update_secondary_bootdata() function in arch/riscv/kernel/cpu_ops_spinwait.c, within the sbi_cpu_start() function in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory leak
EUVDB-ID: #VU94922
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42152
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Resource management error
EUVDB-ID: #VU96187
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43841
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU96113
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Integer underflow
EUVDB-ID: #VU96301
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43867
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU96287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU96536
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43894
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Infinite loop
EUVDB-ID: #VU97279
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46689
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU97510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Integer underflow
EUVDB-ID: #VU97552
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46757
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU97838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46802
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU97804
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46830
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU97782
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU98380
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU98367
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47669
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU98980
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use of uninitialized resource
EUVDB-ID: #VU99087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Out-of-bounds read
EUVDB-ID: #VU98921
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47695
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU98919
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Resource management error
EUVDB-ID: #VU99177
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47709
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper locking
EUVDB-ID: #VU99033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47710
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) NULL pointer dereference
EUVDB-ID: #VU98991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper error handling
EUVDB-ID: #VU99078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47737
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU98913
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Resource management error
EUVDB-ID: #VU99146
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49866
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU98885
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) NULL pointer dereference
EUVDB-ID: #VU98969
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper locking
EUVDB-ID: #VU99020
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Out-of-bounds read
EUVDB-ID: #VU98912
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds read
EUVDB-ID: #VU98911
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49895
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use of uninitialized resource
EUVDB-ID: #VU99084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49900
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Out-of-bounds read
EUVDB-ID: #VU98910
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU98869
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU98936
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Resource management error
EUVDB-ID: #VU99148
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49927
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper locking
EUVDB-ID: #VU99017
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper error handling
EUVDB-ID: #VU99070
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49966
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Out-of-bounds read
EUVDB-ID: #VU98905
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Input validation error
EUVDB-ID: #VU99220
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU99013
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49985
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Out-of-bounds read
EUVDB-ID: #VU98902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50007
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper locking
EUVDB-ID: #VU99001
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50025
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Incorrect calculation
EUVDB-ID: #VU99185
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50036
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Input validation error
EUVDB-ID: #VU99203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.99.0.180
python3-perf: before 5.10.0-136.99.0.180
perf-debuginfo: before 5.10.0-136.99.0.180
perf: before 5.10.0-136.99.0.180
kernel-tools-devel: before 5.10.0-136.99.0.180
kernel-tools-debuginfo: before 5.10.0-136.99.0.180
kernel-tools: before 5.10.0-136.99.0.180
kernel-source: before 5.10.0-136.99.0.180
kernel-headers: before 5.10.0-136.99.0.180
kernel-devel: before 5.10.0-136.99.0.180
kernel-debugsource: before 5.10.0-136.99.0.180
kernel-debuginfo: before 5.10.0-136.99.0.180
kernel: before 5.10.0-136.99.0.180
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
