openEuler 22.03 LTS SP4 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 62 |
| CVE-ID | CVE-2022-48916 CVE-2022-48952 CVE-2023-52917 CVE-2023-52918 CVE-2024-35878 CVE-2024-35990 CVE-2024-36286 CVE-2024-38605 CVE-2024-38635 CVE-2024-38667 CVE-2024-42152 CVE-2024-42301 CVE-2024-42315 CVE-2024-43841 CVE-2024-43858 CVE-2024-43867 CVE-2024-43871 CVE-2024-43894 CVE-2024-45009 CVE-2024-46675 CVE-2024-46689 CVE-2024-46722 CVE-2024-46724 CVE-2024-46757 CVE-2024-46802 CVE-2024-46830 CVE-2024-46853 CVE-2024-47667 CVE-2024-47669 CVE-2024-47684 CVE-2024-47685 CVE-2024-47692 CVE-2024-47695 CVE-2024-47698 CVE-2024-47709 CVE-2024-47710 CVE-2024-47720 CVE-2024-47735 CVE-2024-47737 CVE-2024-47757 CVE-2024-49866 CVE-2024-49867 CVE-2024-49868 CVE-2024-49875 CVE-2024-49892 CVE-2024-49894 CVE-2024-49895 CVE-2024-49900 CVE-2024-49902 CVE-2024-49903 CVE-2024-49911 CVE-2024-49927 CVE-2024-49959 CVE-2024-49965 CVE-2024-49966 CVE-2024-49969 CVE-2024-49974 CVE-2024-49985 CVE-2024-50025 CVE-2024-50036 CVE-2024-50046 CVE-2024-50049 |
| CWE-ID | CWE-667 CWE-399 CWE-476 CWE-125 CWE-119 CWE-401 CWE-191 CWE-835 CWE-20 CWE-416 CWE-908 CWE-388 CWE-682 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 62 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU96436
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dmar_insert_one_dev_info() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU99158
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48952
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt7621_pcie_register_host() function in drivers/staging/mt7621-pci/pci-mt7621.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU98973
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU99254
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU90508
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU91513
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35990
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xilinx_dpdma_chan_vsync_irq(), xilinx_dpdma_issue_pending() and xilinx_dpdma_chan_err_task() functions in drivers/dma/xilinx/xilinx_dpdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU93048
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38605
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU93027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93168
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38667
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cpu_update_secondary_bootdata() function in arch/riscv/kernel/cpu_ops_spinwait.c, within the sbi_cpu_start() function in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU94922
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42152
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU96152
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42315
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the exfat_get_dentry_set() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU96187
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43841
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU96113
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Integer underflow
EUVDB-ID: #VU96301
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43867
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU96287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU96536
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43894
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource management error
EUVDB-ID: #VU97191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45009
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Infinite loop
EUVDB-ID: #VU97279
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46689
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU97510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Integer underflow
EUVDB-ID: #VU97552
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46757
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU97838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46802
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper locking
EUVDB-ID: #VU97804
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46830
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU97782
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU98380
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU98367
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47669
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU98980
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use of uninitialized resource
EUVDB-ID: #VU99087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) NULL pointer dereference
EUVDB-ID: #VU98983
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU98921
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47695
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU98919
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Resource management error
EUVDB-ID: #VU99177
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47709
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU99033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47710
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU98991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU99025
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47735
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper error handling
EUVDB-ID: #VU99078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47737
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU98913
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Resource management error
EUVDB-ID: #VU99146
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49866
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU98885
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU98969
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU99020
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Input validation error
EUVDB-ID: #VU99224
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49892
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds read
EUVDB-ID: #VU98912
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU98911
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49895
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use of uninitialized resource
EUVDB-ID: #VU99084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49900
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU98910
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU98869
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) NULL pointer dereference
EUVDB-ID: #VU98936
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Resource management error
EUVDB-ID: #VU99148
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49927
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper locking
EUVDB-ID: #VU99017
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU99016
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper error handling
EUVDB-ID: #VU99070
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49966
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU98905
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Input validation error
EUVDB-ID: #VU99220
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper locking
EUVDB-ID: #VU99013
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49985
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU99001
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50025
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Incorrect calculation
EUVDB-ID: #VU99185
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50036
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper locking
EUVDB-ID: #VU98996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50046
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Input validation error
EUVDB-ID: #VU99203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-234.0.0.133
python3-perf: before 5.10.0-234.0.0.133
perf-debuginfo: before 5.10.0-234.0.0.133
perf: before 5.10.0-234.0.0.133
kernel-tools-devel: before 5.10.0-234.0.0.133
kernel-tools-debuginfo: before 5.10.0-234.0.0.133
kernel-tools: before 5.10.0-234.0.0.133
kernel-source: before 5.10.0-234.0.0.133
kernel-headers: before 5.10.0-234.0.0.133
kernel-devel: before 5.10.0-234.0.0.133
kernel-debugsource: before 5.10.0-234.0.0.133
kernel-debuginfo: before 5.10.0-234.0.0.133
bpftool-debuginfo: before 5.10.0-234.0.0.133
bpftool: before 5.10.0-234.0.0.133
kernel: before 5.10.0-234.0.0.133
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
