Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 223 |
| CVE-ID | CVE-2023-1582 CVE-2022-48851 CVE-2022-48853 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48866 CVE-2023-30608 CVE-2022-48847 CVE-2023-31315 CVE-2023-37453 CVE-2023-52762 CVE-2023-52766 CVE-2023-52800 CVE-2023-52885 CVE-2023-52886 CVE-2024-1737 CVE-2024-1975 CVE-2024-4076 CVE-2024-5535 CVE-2022-48849 CVE-2022-48843 CVE-2024-7264 CVE-2022-48826 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48827 CVE-2022-48842 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2024-6345 CVE-2024-26583 CVE-2022-48812 CVE-2024-21134 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 CVE-2024-20996 CVE-2024-21125 CVE-2024-21127 CVE-2024-21129 CVE-2024-21130 CVE-2024-21142 CVE-2024-42230 CVE-2024-21162 CVE-2024-21163 CVE-2024-21171 CVE-2024-21173 CVE-2024-21177 CVE-2024-21179 CVE-2024-21185 CVE-2024-22257 CVE-2024-22262 CVE-2024-47242 CVE-2024-34750 CVE-2024-42145 CVE-2024-26584 CVE-2024-38559 CVE-2024-26800 CVE-2024-26813 CVE-2024-26814 CVE-2024-26976 CVE-2024-35878 CVE-2024-35901 CVE-2024-35905 CVE-2024-36926 CVE-2024-36974 CVE-2024-38541 CVE-2024-38555 CVE-2024-39463 CVE-2024-42093 CVE-2024-39494 CVE-2024-40902 CVE-2024-40937 CVE-2024-40954 CVE-2024-40956 CVE-2024-40989 CVE-2024-40994 CVE-2024-41011 CVE-2024-41012 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090 CVE-2022-48813 CVE-2022-48811 CVE-2022-48713 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47624 CVE-2022-0854 CVE-2022-20368 CVE-2022-48711 CVE-2022-48712 CVE-2022-48715 CVE-2021-47614 CVE-2022-48717 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2021-47615 CVE-2021-47612 CVE-2022-48732 CVE-2021-47586 CVE-2013-4235 CVE-2021-4439 CVE-2021-47534 CVE-2021-47576 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47587 CVE-2021-47611 CVE-2021-47589 CVE-2021-47592 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2022-48730 CVE-2022-48734 CVE-2022-48807 CVE-2022-48792 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48793 CVE-2022-48775 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48776 CVE-2022-48774 CVE-2022-48735 CVE-2022-48751 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48749 CVE-2022-48752 CVE-2022-48773 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48771 |
| CWE-ID | CWE-362 CWE-416 CWE-401 CWE-835 CWE-125 CWE-400 CWE-264 CWE-119 CWE-399 CWE-617 CWE-476 CWE-667 CWE-388 CWE-682 CWE-191 CWE-20 CWE-190 CWE-908 CWE-94 CWE-284 CWE-918 CWE-613 CWE-415 CWE-193 CWE-367 CWE-369 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Dell EMC Storage Monitoring and Reporting (SMR) Server applications / SCADA systems Storage Resource Manager Other software / Other software solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 223 vulnerabilities.
1) Race condition
EUVDB-ID: #VU74629
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1582
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0@kroah.com/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU94414
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48851
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx_complete() function in drivers/staging/gdm724x/gdm_lte.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/6dc7b87c62423bfa68139fe95e85028aab584c9a
https://git.kernel.org/stable/c/83a9c886c2b5a0d28c0b37e1736b47f38d61332a
https://git.kernel.org/stable/c/48ecdf3e29a6e514e8196691589c7dfc6c4ac169
https://git.kernel.org/stable/c/403e3afe241b62401de1f8629c9c6b9b3d69dbff
https://git.kernel.org/stable/c/6d9700b445098dbbce0caff4b8cfca214cf1e757
https://git.kernel.org/stable/c/1fb9dd3787495b4deb0efe66c58306b65691a48f
https://git.kernel.org/stable/c/d39dc79513e99147b4c158a8a9e46743e23944f5
https://git.kernel.org/stable/c/fc7f750dc9d102c1ed7bbe4591f991e770c99033
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU94397
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the Documentation/DMA-attributes.txt, include/linux/dma-mapping.h, lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753
https://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534
https://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192
https://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026
https://git.kernel.org/stable/c/d4d975e7921079f877f828099bb8260af335508f
https://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63
https://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e
https://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU94396
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48856
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gfar_get_ts_info() function in drivers/net/ethernet/freescale/gianfar_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/6263f2eb93a85ad7df504daf0c341a7fb6bbe8a6
https://git.kernel.org/stable/c/f7b3b520349193f8a82cca74daf366199e06add9
https://git.kernel.org/stable/c/21044e679ed535345042d2023f7df0ca8e897e2a
https://git.kernel.org/stable/c/f49f646f9ec296fc0afe7ae92c2bb47f23e3846c
https://git.kernel.org/stable/c/0e1b9a2078e07fb1e6e91bf8badfd89ecab1e848
https://git.kernel.org/stable/c/2ac5b58e645c66932438bb021cb5b52097ce70b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU94412
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/205c4ec78e71cbf561794e6043da80e7bae6790f
https://git.kernel.org/stable/c/32e866ae5a7af590597ef4bcff8451bf96d5f980
https://git.kernel.org/stable/c/b1db33d4e54bc35d8db96ce143ea0ef92e23d58e
https://git.kernel.org/stable/c/cd2a5c0da0d1ddf11d1f84e9c9b1949f50f6e161
https://git.kernel.org/stable/c/2b1c85f56512d49e43bc53741fce2f508cd90029
https://git.kernel.org/stable/c/0e721b8f2ee5e11376dd55363f9ccb539d754b8a
https://git.kernel.org/stable/c/7194737e1be8fdc89d2a9382bd2f371f7ee2eda8
https://git.kernel.org/stable/c/f80cfe2f26581f188429c12bd937eb905ad3ac7b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU94411
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_alloc_index() and cmd_ent_get() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1a4017926eeea56c7540cc41b42106746ee8a0ee
https://git.kernel.org/stable/c/f3331bc17449f15832c31823f27573f4c0e13e5f
https://git.kernel.org/stable/c/7c519f769f555ff7d9d4ccba3497bbb589df360a
https://git.kernel.org/stable/c/0401bfb27a91d7bdd74b1635c1aae57cbb128da6
https://git.kernel.org/stable/c/063bd355595428750803d8736a9bb7c8db67d42d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU94395
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48859
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the prestera_switch_set_base_mac_addr() function in drivers/net/ethernet/marvell/prestera/prestera_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b7c2fd1d126329340639adfb8dd2938fe4b65df7
https://git.kernel.org/stable/c/4cc66bf17220ff9631f9fa99b02a872e0ad5a08b
https://git.kernel.org/stable/c/c9ffa3e2bc451816ce0295e40063514fabf2bd36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU94394
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48860
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xemaclite_of_probe() function in drivers/net/ethernet/xilinx/xilinx_emaclite.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/669172ce976608b25a2f76f3c65d47f042d125c9
https://git.kernel.org/stable/c/b7220f8e9d6c6b9594ddfb3125dad938cd478b1f
https://git.kernel.org/stable/c/8609e29611befc4bfbe7a91bb50fc65ae72ff549
https://git.kernel.org/stable/c/8ee065a7a9b6a3976c16340503677efc4d8351f6
https://git.kernel.org/stable/c/979b418b96e35f07136f77962ccfaa54cf3e30e1
https://git.kernel.org/stable/c/5e7c402892e189a7bc152b125e72261154aa585d
https://git.kernel.org/stable/c/1852854ee349881efb78ccdbbb237838975902e4
https://git.kernel.org/stable/c/b19ab4b38b06aae12442b2de95ccf58b5dc53584
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU94410
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vp_vdpa_remove() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e
https://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274
https://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Infinite loop
EUVDB-ID: #VU94469
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48862
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vhost_chr_write_iter() function in drivers/vhost/vhost.c, within the vhost_iotlb_add_range_ctx() function in drivers/vhost/iotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f8d88e86e90ea1002226d7ac2430152bfea003d1
https://git.kernel.org/stable/c/d9a747e6b6561280bf1791bb24c5e9e082193dad
https://git.kernel.org/stable/c/e2ae38cf3d91837a493cb2093c87700ff3cbe667
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU94393
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb
https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b
https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f
https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU94429
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48866
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab
https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947
https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource exhaustion
EUVDB-ID: #VU75412
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-30608
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU94428
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48847
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the watch_queue_set_filter() function in kernel/watch_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/648895da69ced90ca770fd941c3d9479a9d72c16
https://git.kernel.org/stable/c/1b09f28f70a5046acd64138075ae3f095238b045
https://git.kernel.org/stable/c/b36588ebbcef74583824c08352e75838d6fb4ff2
https://git.kernel.org/stable/c/c993ee0f9f81caf5767a50d1faeba39a0dc82af2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU96619
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31315
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper validation in a model specific register (MSR). A malicious application with ring0 access can modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU80795
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-37453
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_descriptors() function in drivers/usb/core/sysfs.c. An attacker with physical access to the system can attach a malicious USB device, trigger an out-of-bounds read error and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0
https://lore.kernel.org/all/000000000000c0ffe505fe86c9ca@google.com/T/
https://lore.kernel.org/all/000000000000e56434059580f86e@google.com/T/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU93622
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b
https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48
https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9
https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90
https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU91086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df
https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b
https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6
https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65
https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU90071
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679
https://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e
https://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961
https://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8
https://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c
https://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU94326
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428
https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254
https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b
https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065
https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee
https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e
https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f
https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU94434
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_bMaxPacketSize0(), hub_port_init(), hub_port_connect() and usb_reset_and_verify_device() functions in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/9d241c5d9a9b7ad95c90c6520272fe404d5ac88f
https://git.kernel.org/stable/c/7fe9d87996062f5eb0ca476ad0257f79bf43aaf5
https://git.kernel.org/stable/c/8186596a663506b1124bede9fde6f243ef9f37ee
https://git.kernel.org/stable/c/b4a074b1fb222164ed7d5c0b8c922dc4a0840848
https://git.kernel.org/stable/c/b9fbfb349eacc0820f91c797d7f0a3ac7a4935b5
https://git.kernel.org/stable/c/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU94710
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1737
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://kb.isc.org/docs/cve-2024-1737
https://www.openwall.com/lists/oss-security/2024/07/23/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource exhaustion
EUVDB-ID: #VU94711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1975
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://kb.isc.org/docs/cve-2024-1975
https://www.openwall.com/lists/oss-security/2024/07/23/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Reachable assertion
EUVDB-ID: #VU94713
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-4076
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when serving both stale cache data and authoritative zone content. A remote attacker can send specially crafted queries to the DNS server to trigger an assertion failure and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://kb.isc.org/docs/cve-2024-4076
https://www.openwall.com/lists/oss-security/2024/07/23/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU93424
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.openssl.org/news/secadv/20240627.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Resource management error
EUVDB-ID: #VU94484
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48849
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_display_framebuffer_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_display.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/fcd1d79aa943fff4fbaa0cce1d576995a7960699
https://git.kernel.org/stable/c/cb29021be49858059138f75d6311a7c35a9379b2
https://git.kernel.org/stable/c/e2b993302f40c4eb714ecf896dd9e1c5be7d4cd7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU94436
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48843
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_connector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779
https://git.kernel.org/stable/c/0ba557d330946c23559aaea2d51ea649fdeca98a
https://git.kernel.org/stable/c/3534c5c005ef99a1804ed50b8a72cdae254cabb5
https://git.kernel.org/stable/c/85271e92ae4f13aa679acaa6cf76b3c36bcb7bab
https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU95131
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7264
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ASN1 parser code in the GTime2str() function. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://curl.se/docs/CVE-2024-7264.json
https://curl.se/docs/CVE-2024-7264.html
https://hackerone.com/reports/2629968
https://www.openwall.com/lists/oss-security/2024/07/31/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU94451
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vc4_dsi_host_attach() and vc4_dsi_dev_remove() functions in drivers/gpu/drm/vc4/vc4_dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/770d1ba9a8201ce9bee0946eb03746449b6f3b80
https://git.kernel.org/stable/c/dddd832f35096fbc5004e3a7e58fb4d2cefb8deb
https://git.kernel.org/stable/c/0a3d12ab5097b1d045e693412e6b366b7e82031b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Resource management error
EUVDB-ID: #VU94474
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48814
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vsc9953_mdio_bus_alloc() and vsc9953_mdio_bus_free() functions in drivers/net/dsa/ocelot/seville_vsc9953.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1d13e7221035947c62800c9d3d99b4ed570e27e7
https://git.kernel.org/stable/c/0e816362d823cd46c666e64d8bffe329ee22f4cc
https://git.kernel.org/stable/c/bd488afc3b39e045ba71aab472233f2a78726e7b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Resource management error
EUVDB-ID: #VU94471
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48815
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2770b795294ed312375c11ef1d0b810499c66b83
https://git.kernel.org/stable/c/caabb5f64f5c32fceed93356bb688ef1ec6c5783
https://git.kernel.org/stable/c/08e1a3554e99a1a5bd2835907381e2383ee85cae
https://git.kernel.org/stable/c/08f1a20822349004bb9cc1b153ecb516e9f2889d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU94452
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48816
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_get_srcport() function in net/sunrpc/xprtsock.c, within the rpc_sysfs_xprt_srcaddr_show() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07
https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Resource management error
EUVDB-ID: #VU94473
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar9331_sw_mbus_init() and ar9331_sw_remove() functions in drivers/net/dsa/qca/ar9331.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/475ce5dcf2d88fd4f3c213a0ac944e3e40702970
https://git.kernel.org/stable/c/aae1c6a1d3d696fc33b609fb12fe744a556d1dc5
https://git.kernel.org/stable/c/f1842a8cb71de4d7eb75a86f76e88c7ee739218c
https://git.kernel.org/stable/c/50facd86e9fbc4b93fe02e5fe05776047f45dbfb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper error handling
EUVDB-ID: #VU94461
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48818
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_mdio_register() and mv88e6xxx_mdios_unregister() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8ccebe77df6e0d88c72ba5e69cf1835927e53b6c
https://git.kernel.org/stable/c/8b626d45127d6f5ada7d815b83cfdc09e8cb1394
https://git.kernel.org/stable/c/1b451c3994a2d322f8e55032c62c8b47b7d95900
https://git.kernel.org/stable/c/f53a2ce893b2c7884ef94471f170839170a4eba0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Memory leak
EUVDB-ID: #VU94404
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48820
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_usbphyc_pll_enable() function in drivers/phy/st/phy-stm32-usbphyc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/94b16ca86ab688ed6fad4548f70137f93cf1f0a9
https://git.kernel.org/stable/c/0ad1a88fa3eb0ded7798f52b79bc33f75fc9a6d2
https://git.kernel.org/stable/c/cfc826c88a79e22ba5d8001556eb2c7efd8a01b6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU94417
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48821
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_dmabuf_alloc() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215
https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5
https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d
https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc
https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Memory leak
EUVDB-ID: #VU94403
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48822
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/32048f4be071f9a6966744243f1786f45bb22dc2
https://git.kernel.org/stable/c/cfe5f6fd335d882bcc829a1c8a7d462a455c626e
https://git.kernel.org/stable/c/c9fc422c9a43e3d58d246334a71f3390401781dc
https://git.kernel.org/stable/c/0042178a69eb77a979e36a50dcce9794a3140ef8
https://git.kernel.org/stable/c/72a8aee863af099d4434314c4536d6c9a61dcf3c
https://git.kernel.org/stable/c/3e078b18753669615301d946297bafd69294ad2c
https://git.kernel.org/stable/c/ebe2b1add1055b903e2acd86b290a85297edc0b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Incorrect calculation
EUVDB-ID: #VU94488
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48823
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7cc32ff0cd6c44a3c26de5faecfe8b5546198fad
https://git.kernel.org/stable/c/87f187e5265bc8e3b38faef8b9db864cdd61dde7
https://git.kernel.org/stable/c/6be8eaad75ca73131e2a697f0270dc8ee73814a8
https://git.kernel.org/stable/c/7fcbed38503bb34c6e6538b6a9482d1c6bead1e8
https://git.kernel.org/stable/c/5239ab63f17cee643bd4bf6addfedebaa7d4f41e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) NULL pointer dereference
EUVDB-ID: #VU94445
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48824
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the myrs_cleanup() function in drivers/scsi/myrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162
https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929
https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19
https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23
https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource management error
EUVDB-ID: #VU94485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48825
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedf_vport_create() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/aa7352aa155e19815b41f09f114fe9f110fde4d8
https://git.kernel.org/stable/c/1f53bbf27a876f7e61262bd74c18680ac11d4c31
https://git.kernel.org/stable/c/0be556512cd0dfcf5ec1a140d9f42d88221a5d4e
https://git.kernel.org/stable/c/b70a99fd13282d7885f69bf1372e28b7506a1613
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Buffer overflow
EUVDB-ID: #VU94479
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9
https://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0
https://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b
https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU94446
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48842
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_service_task() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a9bbacc53d1f5ed8febbfdf31401d20e005f49ef
https://git.kernel.org/stable/c/e1014fc5572375658fa421531cedb6e084f477dc
https://git.kernel.org/stable/c/5cb1ebdbc4342b1c2ce89516e19808d64417bdbc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Integer underflow
EUVDB-ID: #VU94466
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/38d02ba22e43b6fc7d291cf724bc6e3b7be6626b
https://git.kernel.org/stable/c/8e0ecaf7a7e57b30284d6b3289cc436100fadc48
https://git.kernel.org/stable/c/da22ca1ad548429d7822011c54cfe210718e0aa7
https://git.kernel.org/stable/c/e6faac3f58c7c4176b66f63def17a34232a17b0e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU94492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48829
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svcxdr_decode_sattr3() function in fs/nfsd/nfs3xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3
https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b
https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0
https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU94450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48830
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LIST_HEAD(), isotp_rcv() and isotp_init() functions in net/can/isotp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7b53d2204ce79b27a878074a77d64f40ec21dbca
https://git.kernel.org/stable/c/f90cc68f9f4b5d8585ad5d0a206a9d37ac299ef3
https://git.kernel.org/stable/c/5b068f33bc8acfcfd5ea7992a2dafb30d89bad30
https://git.kernel.org/stable/c/7c759040c1dd03954f650f147ae7175476d51314
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU94402
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48831
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asymmetric_verify() function in security/integrity/digsig_asymmetric.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0838d6d68182f0b28a5434bc6d50727c4757e35b
https://git.kernel.org/stable/c/89f586d3398f4cc0432ed870949dffb702940754
https://git.kernel.org/stable/c/926fd9f23b27ca6587492c3f58f4c7f4cd01dad5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU94481
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48834
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbtmc_ioctl_request() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/700a0715854c1e79a73341724ce4f5bb01abc016
https://git.kernel.org/stable/c/10a805334a11acd547602d6c4cf540a0f6ab5c6e
https://git.kernel.org/stable/c/c69aef9db878ab277068a8cc1b4bf0cf309dc2b7
https://git.kernel.org/stable/c/5f6a2d63c68c12cf61259df7c3527a0e05dce952
https://git.kernel.org/stable/c/e9b667a82cdcfe21d590344447d65daed52b353b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper locking
EUVDB-ID: #VU94448
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48835
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpt3sas_base_sync_reply_irqs() function in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/98e7a654a5bebaf1a28e987af5e44c002544a413
https://git.kernel.org/stable/c/0cd2dd4bcf4abc812148c4943f966a3c8dccb00f
https://git.kernel.org/stable/c/3916e33b917581e2b2086e856c291cb86ea98a05
https://git.kernel.org/stable/c/69ad4ef868c1fc7609daa235dfa46d28ba7a3ba3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU94447
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821
https://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6
https://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f
https://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c
https://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a
https://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31
https://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7
https://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Integer overflow
EUVDB-ID: #VU94465
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48837
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the rndis_set_response() function in drivers/usb/gadget/function/rndis.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
https://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90
https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7
https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e
https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65
https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c
https://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0
https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU94415
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48838
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_gadget_remove_driver(), udc_bind_to_driver() and dev_err() functions in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4325124dde6726267813c736fee61226f1d38f0b
https://git.kernel.org/stable/c/e2d3a7009e505e120805f449c832942660f3f7f3
https://git.kernel.org/stable/c/609a7119bffe3ddd7c93f2fa65be8917e02a0b7e
https://git.kernel.org/stable/c/2282a6eb6d4e118e294e43dcc421e0e0fe4040b5
https://git.kernel.org/stable/c/00bdd9bf1ac6d401ad926d3d8df41b9f1399f646
https://git.kernel.org/stable/c/2015c23610cd0efadaeca4d3a8d1dae9a45aa35a
https://git.kernel.org/stable/c/27d64436984fb8835a8b7e95993193cc478b162e
https://git.kernel.org/stable/c/16b1941eac2bd499f065a6739a40ce0011a3d740
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Memory leak
EUVDB-ID: #VU94392
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0
https://git.kernel.org/stable/c/b1e27cda1e3c12b705875bb7e247a97168580e33
https://git.kernel.org/stable/c/a33dd1e6693f80d805155b3f69c18c2f642915da
https://git.kernel.org/stable/c/268dcf1f7b3193bc446ec3d14e08a240e9561e4d
https://git.kernel.org/stable/c/70b7b3c055fd4a464da8da55ff4c1f84269f9b02
https://git.kernel.org/stable/c/a055f5f2841f7522b44a2b1eccb1951b4b03d51a
https://git.kernel.org/stable/c/ef591b35176029fdefea38e8388ffa371e18f4b2
https://git.kernel.org/stable/c/c700525fcc06b05adfea78039de02628af79e07a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use of uninitialized resource
EUVDB-ID: #VU94463
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48840
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the iavf_remove() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/80974bb730270199c6fcb189af04d5945b87e813
https://git.kernel.org/stable/c/4477b9a4193b35eb3a8afd2adf2d42add2f88d57
https://git.kernel.org/stable/c/b04683ff8f0823b869c219c78ba0d974bddea0b5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) NULL pointer dereference
EUVDB-ID: #VU94435
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_update_vsi_tx_ring_stats() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff
https://git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Code Injection
EUVDB-ID: #VU95339
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Race condition
EUVDB-ID: #VU87596
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d
https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01
https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a
https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource management error
EUVDB-ID: #VU94476
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48812
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gswip_mdio_rd(), gswip_mdio(), gswip_mdio_mask() and gswip_remove() functions in drivers/net/dsa/lantiq_gswip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e177d2e85ebcd3008c4b2abc293f4118e04eedef
https://git.kernel.org/stable/c/b5652bc50dde7b84e93dfb25479b64b817e377c1
https://git.kernel.org/stable/c/2443ba2fe396bdde187a2fdfa6a57375643ae93c
https://git.kernel.org/stable/c/0d120dfb5d67edc5bcd1804e167dba2b30809afd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper input validation
EUVDB-ID: #VU94585
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21134
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper input validation
EUVDB-ID: #VU94559
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper input validation
EUVDB-ID: #VU94560
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper input validation
EUVDB-ID: #VU94557
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Improper input validation
EUVDB-ID: #VU94558
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper input validation
EUVDB-ID: #VU94556
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper input validation
EUVDB-ID: #VU94555
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improper input validation
EUVDB-ID: #VU94570
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-20996
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper input validation
EUVDB-ID: #VU94569
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21125
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper input validation
EUVDB-ID: #VU94577
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Improper input validation
EUVDB-ID: #VU94578
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper input validation
EUVDB-ID: #VU94579
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper input validation
EUVDB-ID: #VU94584
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Resource management error
EUVDB-ID: #VU95062
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c
https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5
https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3
https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper input validation
EUVDB-ID: #VU94582
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21162
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Improper input validation
EUVDB-ID: #VU94567
Risk: Medium
CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Improper input validation
EUVDB-ID: #VU94564
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21171
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Improper input validation
EUVDB-ID: #VU94574
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21173
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Improper input validation
EUVDB-ID: #VU94563
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21177
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improper input validation
EUVDB-ID: #VU94575
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Improper input validation
EUVDB-ID: #VU94576
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21185
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Improper access control
EUVDB-ID: #VU87607
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-22257
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions when the "AuthenticatedVoter#vote" passing a "null" Authentication parameter. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://spring.io/security/cve-2024-22257
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU89801
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-22262
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when parsing URL with the UriComponentsBuilder component. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
Note, this vulnerability exists due to incomplete fix for #VU87614 (CVE-2024-22259) and #VU86695 (CVE-2024-22243).
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://spring.io/security/cve-2024-22262
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Insufficient Session Expiration
EUVDB-ID: #VU100042
Risk: Low
CVSSv4.0: 0.1 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47242
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows an adjacent user to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. An adjacent user can obtain or guess session token and gain unauthorized access to session that belongs to another user.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Resource management error
EUVDB-ID: #VU93732
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34750
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling HTTP/2 stream. A remote attacker can initiate multiple HTTP/2 connections to the server that are remain open and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.90
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.25
https://lists.apache.org/thread/hmw3txqzzbc1yp2t5cg4dsws0n92ly0f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb
https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b
https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f
https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607
https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa
https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6
https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4
https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Error handling
EUVDB-ID: #VU89001
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3
https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754
https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694
https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Out-of-bounds read
EUVDB-ID: #VU92328
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95
https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59
https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c
https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255
https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613
https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d
https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8
https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9
https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU90210
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe
https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1
https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89
https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) NULL pointer dereference
EUVDB-ID: #VU90588
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362
https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086
https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f
https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29
https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375
https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a
https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e
https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417
https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267
https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d
https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9
https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012
https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d
https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5
https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb
https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264
https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac
https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff
https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98
https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750
https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b
https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU90508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b
https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898
https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Resource management error
EUVDB-ID: #VU93192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35901
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/ca58927b00385005f488b6a9905ced7a4f719aad
https://git.kernel.org/stable/c/05cb7c41fa1a7a7b2c2a6b81bbe7c67f5c11932b
https://git.kernel.org/stable/c/c0de6ab920aafb56feab56058e46b688e694a246
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Out-of-bounds read
EUVDB-ID: #VU90307
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35905
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d
https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69
https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1
https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69
https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103
https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) NULL pointer dereference
EUVDB-ID: #VU90384
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36926
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_dma_bus_setup_pSeriesLP() function in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4
https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15
https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155
https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Input validation error
EUVDB-ID: #VU93310
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36
https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c
https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404
https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2
https://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Buffer overflow
EUVDB-ID: #VU92376
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38541
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6
https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e
https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a
https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Use-after-free
EUVDB-ID: #VU92307
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3
https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0
https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396
https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb
https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7
https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a
https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU93322
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456
https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5
https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4
https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409
https://www.zerodayinitiative.com/advisories/ZDI-24-1194/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU95039
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1
https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509
https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d
https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0
https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2
https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527
https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Use-after-free
EUVDB-ID: #VU94223
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4
https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c
https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c
https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f
https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a
https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0
https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7
https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123
https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69
https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f
https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Double free
EUVDB-ID: #VU94289
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40937
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc
https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442
https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037
https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50
https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU94217
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40954
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069
https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e
https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5
https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9
https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Use-after-free
EUVDB-ID: #VU94216
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33
https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5
https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8
https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd
https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Input validation error
EUVDB-ID: #VU94324
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40989
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77
https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c
https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76
https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Integer overflow
EUVDB-ID: #VU94294
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e
https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f
https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f
https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e
https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28
https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724
https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5
https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224
https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335
https://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4
https://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0
https://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70
https://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c
https://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a
https://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2
https://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Use-after-free
EUVDB-ID: #VU94943
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2
https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d
https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702
https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea
https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f
https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6
https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46
https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa
https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da
https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309
https://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Resource management error
EUVDB-ID: #VU94475
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vsc9959_mdio_bus_alloc() and vsc9959_mdio_bus_free() functions in drivers/net/dsa/ocelot/felix_vsc9959.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/95e5402f9430b3c7d885dd3ec4c8c02c17936923
https://git.kernel.org/stable/c/8cda7577a0b4018572f31e0caadfabd305ea2786
https://git.kernel.org/stable/c/9db6f056efd089e80d81c774c01b639adf30c097
https://git.kernel.org/stable/c/209bdb7ec6a28c7cdf580a0a98afbc9fc3b98932
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) NULL pointer dereference
EUVDB-ID: #VU94444
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/960dfaf3b578dd23af012590e809ae2d58ba1827
https://git.kernel.org/stable/c/e08cb9056fb2564d1f6bad789bdf79ab09bf2f81
https://git.kernel.org/stable/c/61772b0908c640d0309c40f7d41d062ca4e979fa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) NULL pointer dereference
EUVDB-ID: #VU92920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48713
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pt_handle_status() function in arch/x86/events/intel/pt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/456f041e035913fcedb275aff6f8a71dfebcd394
https://git.kernel.org/stable/c/e83d941fd3445f660d2f43647c580a320cc384f6
https://git.kernel.org/stable/c/feffb6ae2c80b9a8206450cdef90f5943baced99
https://git.kernel.org/stable/c/1d9093457b243061a9bba23543c38726e864a643
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Use-after-free
EUVDB-ID: #VU92304
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47616
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_qp_from_init() function in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/acb53e47db1fbc7cd37ab10b46388f045a76e383
https://git.kernel.org/stable/c/84b01721e8042cdd1e8ffeb648844a09cd4213e0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Infinite loop
EUVDB-ID: #VU92929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47617
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a
https://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d
https://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9
https://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af
https://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5
https://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) NULL pointer dereference
EUVDB-ID: #VU92918
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47618
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1515e72aae803fc6b466adf918e71c4e4c9d5b3d
https://git.kernel.org/stable/c/ba1863be105b06e10d0e2f6b1b8a0570801cfc71
https://git.kernel.org/stable/c/8b59b0a53c840921b625378f137e88adfa87647e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU92919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d46fa4ea9756ef6cbcf9752d0832cc66e2d7121b
https://git.kernel.org/stable/c/be6998f232b8e4ca8225029e305b8329d89bfd59
https://git.kernel.org/stable/c/768eb705e6381f0c70ca29d4e66f19790d5d19a1
https://git.kernel.org/stable/c/00eddb0e4ea115154581d1049507a996acfc2d3e
https://git.kernel.org/stable/c/4b3aa858268b7b9aeef02e5f9c4cd8f8fac101c8
https://git.kernel.org/stable/c/92947844b8beee988c0ce17082b705c2f75f0742
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Out-of-bounds read
EUVDB-ID: #VU92905
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47620
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_le_adv_report_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/305e92f525450f3e1b5f5c9dc7eadb152d66a082
https://git.kernel.org/stable/c/7889b38a7f21ed19314f83194622b195d328465c
https://git.kernel.org/stable/c/5a539c08d743d9910631448da78af5e961664c0e
https://git.kernel.org/stable/c/8819f93cd4a443dfe547aa622b21f723757df3fb
https://git.kernel.org/stable/c/835d3706852537bf92eb23eb8635b8dee0c0aa67
https://git.kernel.org/stable/c/83d5196b65d1b29e27d7dd16a3b9b439fb1d2dba
https://git.kernel.org/stable/c/bcea886771c3f22a590c8c8b9139a107bd7f1e1c
https://git.kernel.org/stable/c/5c968affa804ba98c3c603f37ffea6fba618025e
https://git.kernel.org/stable/c/899663be5e75dc0174dc8bda0b5e6826edf0b29a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Improper locking
EUVDB-ID: #VU94457
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47622
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), ufshcd_hba_capabilities(), ufshcd_wait_for_dev_cmd(), ufshcd_exec_dev_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_init() functions in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724
https://git.kernel.org/stable/c/d69d98d8edf90e25e4e09930dd36dd6d09dd6768
https://git.kernel.org/stable/c/945c3cca05d78351bba29fa65d93834cb7934c7b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Memory leak
EUVDB-ID: #VU94401
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47624
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rpc_sysfs_xprt_state_change() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4b22aa42bd4d2d630ef1854c139275c3532937cb
https://git.kernel.org/stable/c/5f6024c05a2c0fdd180b29395aaf686d25af3a0f
https://git.kernel.org/stable/c/776d794f28c95051bc70405a7b1fa40115658a18
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Memory leak
EUVDB-ID: #VU63427
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Out-of-bounds read
EUVDB-ID: #VU67473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://source.android.com/security/bulletin/pixel/2022-08-01
https://android.googlesource.com/kernel/common/+/a0046956bf6fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Input validation error
EUVDB-ID: #VU92925
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c, within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/175db196e45d6f0e6047eccd09c8ba55465eb131
https://git.kernel.org/stable/c/fde4ddeadd099bf9fbb9ccbee8e1b5c20d530a2d
https://git.kernel.org/stable/c/f1af11edd08dd8376f7a84487cbb0ea8203e3a1d
https://git.kernel.org/stable/c/d692e3406e052dbf9f6d9da0cba36cb763272529
https://git.kernel.org/stable/c/3c7e5943553594f68bbc070683db6bb6f6e9e78e
https://git.kernel.org/stable/c/1f1788616157b0222b0c2153828b475d95e374a7
https://git.kernel.org/stable/c/59ff7514f8c56f166aadca49bcecfa028e0ad50f
https://git.kernel.org/stable/c/9aa422ad326634b76309e8ff342c246800621216
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Improper error handling
EUVDB-ID: #VU92926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48712
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_fc_record_modified_inode(), ext4_fc_replay_inode(), ext4_fc_replay_add_range(), ext4_ext_replay_shrink_inode() and ext4_fc_replay_del_range() functions in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19
https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802
https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc
https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Resource management error
EUVDB-ID: #VU93180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48715
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3a345198a7c2d1db2526dc60b77052f75de019d3
https://git.kernel.org/stable/c/471085571f926a1fe6b1bed095638994dbf23990
https://git.kernel.org/stable/c/003bcee66a8f0e76157eb3af369c173151901d97
https://git.kernel.org/stable/c/53e4f71763c61a557283eb43301efd671922d1e8
https://git.kernel.org/stable/c/ec4334152dae175dbd8fd5bde1d2139bbe7b42d0
https://git.kernel.org/stable/c/2f5a1ac68bdf2899ce822ab845081922ea8c588e
https://git.kernel.org/stable/c/2d24336c7214b281b51860e54783dfc65f1248df
https://git.kernel.org/stable/c/936bd03405fc83ba039d42bc93ffd4b88418f1d3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU92993
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47614
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the add_pble_prm() function in drivers/infiniband/hw/irdma/pble.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/11eebcf63e98fcf047a876a51d76afdabc3b8b9b
https://git.kernel.org/stable/c/1e11a39a82e95ce86f849f40dda0d9c0498cebd9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Out-of-bounds read
EUVDB-ID: #VU92907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48717
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e
https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc
https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921
https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c
https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6
https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Memory leak
EUVDB-ID: #VU92891
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48720
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the macsec_common_dellink() and macsec_dellink() functions in drivers/net/macsec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2e7f5b6ee1a7a2c628253a95b0a95b582901ef1b
https://git.kernel.org/stable/c/e7a0b3a0806dae3cc81931f0e83055ca2ac6f455
https://git.kernel.org/stable/c/8299be160aad8548071d080518712dec0df92bd5
https://git.kernel.org/stable/c/9cef24c8b76c1f6effe499d2f131807c90f7ce9a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Improper locking
EUVDB-ID: #VU92924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48721
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_stat_fallback(), smc_switch_to_fallback() and smc_clcsock_data_ready() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0ef6049f664941bc0f75828b3a61877635048b27
https://git.kernel.org/stable/c/504078fbe9dd570d685361b57784a6050bc40aaa
https://git.kernel.org/stable/c/341adeec9adad0874f29a0a1af35638207352a39
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Memory leak
EUVDB-ID: #VU92892
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851
https://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a
https://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08
https://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56
https://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a
https://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc
https://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU92893
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48723
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uniphier_spi_probe() function in drivers/spi/spi-uniphier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e895e067d73e154b1ebc84a124e00831e311d9b0
https://git.kernel.org/stable/c/dd00b4f8f768d81c3788a8ac88fdb3d745e55ea3
https://git.kernel.org/stable/c/447c3d4046d7b54052d07d8b27e15e6edea5662c
https://git.kernel.org/stable/c/37c2c83ca4f1ef4b6908181ac98e18360af89b42
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Memory leak
EUVDB-ID: #VU92880
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48724
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_setup_irq_remapping() function in drivers/iommu/intel_irq_remapping.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d
https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9
https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1
https://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4
https://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d
https://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd
https://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Memory leak
EUVDB-ID: #VU92881
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48725
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the siw_create_qp() function in drivers/infiniband/sw/siw/siw_verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2989ba9532babac66e79997ccff73c015b69700c
https://git.kernel.org/stable/c/fa3b844a50845c817660146c27c0fc29b08d3116
https://git.kernel.org/stable/c/a75badebfdc0b3823054bedf112edb54d6357c75
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Use-after-free
EUVDB-ID: #VU92894
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48726
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ucma_alloc_ctx(), ucma_cleanup_multicast(), ucma_process_join(), mutex_unlock() and ucma_leave_multicast() functions in drivers/infiniband/core/ucma.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/75c610212b9f1756b9384911d3a2c347eee8031c
https://git.kernel.org/stable/c/2923948ffe0835f7114e948b35bcc42bc9b3baa1
https://git.kernel.org/stable/c/ee2477e8ccd3d978eeac0dc5a981b286d9bb7b0a
https://git.kernel.org/stable/c/36e8169ec973359f671f9ec7213547059cae972e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Improper error handling
EUVDB-ID: #VU92939
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48727
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/kvm/hyp/include/hyp/switch.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e1e852746997500f1873f60b954da5f02cc2dba3
https://git.kernel.org/stable/c/57e2986c3b25092691a6e3d6ee9168caf8978932
https://git.kernel.org/stable/c/1c71dbc8a179d99dd9bb7e7fc1888db613cf85de
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) NULL pointer dereference
EUVDB-ID: #VU92908
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48728
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190
https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53
https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b
https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Resource management error
EUVDB-ID: #VU92958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48729
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hfi1_ipoib_txreq_init() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1530d84fba1e459ba55f46aa42649b88773210e7
https://git.kernel.org/stable/c/8c83d39cc730378bbac64d67a551897b203a606e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Improper locking
EUVDB-ID: #VU92357
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_dereg_mr(), mlx5_ib_alloc_pi_mr() and __mlx5_ib_alloc_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701
https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9
https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) NULL pointer dereference
EUVDB-ID: #VU92339
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47612
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34
https://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c
https://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c
https://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3
https://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112
https://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181
https://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d
https://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e2032a82203
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Off-by-one
EUVDB-ID: #VU92927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48732
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad
https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882
https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c
https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73
https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06
https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369
https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Out-of-bounds read
EUVDB-ID: #VU92315
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47586
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rk_gmac_setup() function in drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0b4a5d1e15ce72f69be48f38dc0401dab890ae0f
https://git.kernel.org/stable/c/0546b224cc7717cc8a2db076b0bb069a9c430794
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU59131
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-4235
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete or modify arbitrary files on the system.
The vulnerability exists due to a race condition in shadow-utils when executing usermod/userdel operations. A local user with write access to the directory that is being moved or deleted by the usermod/userdel commands can modify or delete arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to corrupt arbitrary files on the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Out-of-bounds read
EUVDB-ID: #VU92900
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4439
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036
https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a
https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75
https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a
https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54
https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594
https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff
https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Memory leak
EUVDB-ID: #VU91617
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47534
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124
https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Use-after-free
EUVDB-ID: #VU92299
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9
https://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf
https://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e
https://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d
https://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6
https://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac
https://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) NULL pointer dereference
EUVDB-ID: #VU92340
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47578
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resp_verify() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26
https://git.kernel.org/stable/c/47d11d35203b0aa13533634e270fe2c3610e531b
https://git.kernel.org/stable/c/3344b58b53a76199dae48faa396e9fc37bf86992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Out-of-bounds read
EUVDB-ID: #VU92318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47580
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346
https://git.kernel.org/stable/c/3085147645938eb41f0bc0e25ef9791e71f5ee4b
https://git.kernel.org/stable/c/36e07d7ede88a1f1ef8f0f209af5b7612324ac2c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Resource management error
EUVDB-ID: #VU93277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/403716741c6c2c510dce44e88f085a740f535de6
https://git.kernel.org/stable/c/ae8709b296d80c7f45aa1f35c0e7659ad69edce1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Use of uninitialized resource
EUVDB-ID: #VU92933
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47583
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4b2d9600b31f9ba7adbc9f3c54a068615d27b390
https://git.kernel.org/stable/c/96f182c9f48b984447741f054ec301fdc8517035
https://git.kernel.org/stable/c/b99bdf127af91d53919e96292c05f737c45ea59a
https://git.kernel.org/stable/c/8c6fdf62bfe1bc72bfceeaf832ef7499c7ed09ba
https://git.kernel.org/stable/c/44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Division by zero
EUVDB-ID: #VU92379
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47584
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ioc_timer_fn() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519
https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472
https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Memory leak
EUVDB-ID: #VU92290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47585
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/005d9292b5b2e71a009f911bd85d755009b37242
https://git.kernel.org/stable/c/493ff661d434d6bdf02e3a21adae04d7a0b4265d
https://git.kernel.org/stable/c/f35838a6930296fc1988764cfa54cb3f705c0665
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Improper locking
EUVDB-ID: #VU92353
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8ed2f5d08d6e59f8c78b2869bfb95d0be32c094c
https://git.kernel.org/stable/c/de57f62f76450b934de8203711bdc4f7953c3421
https://git.kernel.org/stable/c/f3fde37d3f0d429f0fcce214cb52588a9e21260e
https://git.kernel.org/stable/c/595a684fa6f23b21958379a18cfa83862c73c2e1
https://git.kernel.org/stable/c/c675256a7f131f5ba3f331efb715e8f31ea0e392
https://git.kernel.org/stable/c/6e1011cd183faae8daff275c72444edcdfe0d473
https://git.kernel.org/stable/c/eb4687c7442942e115420a30185f8d83faf37696
https://git.kernel.org/stable/c/8b8e6e782456f1ce02a7ae914bbd5b1053f0b034
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Input validation error
EUVDB-ID: #VU93309
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47611
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/03029bb044ccee60adbc93e70713f3ae58abc3a1
https://git.kernel.org/stable/c/a19cf6844b509d44ecbd536f33d314d91ecdd2b5
https://git.kernel.org/stable/c/7fd214fc7f2ee3a89f91e717e3cfad55f5a27045
https://git.kernel.org/stable/c/c62b16f98688ae7bc0ab23a6490481f4ce9b3a49
https://git.kernel.org/stable/c/768c0b19b50665e337c96858aa2b7928d6dcf756
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Use-after-free
EUVDB-ID: #VU92300
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47589
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb
https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) NULL pointer dereference
EUVDB-ID: #VU92334
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47592
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tc_setup_cls_u32(), tc_init(), tc_del_flow() and tc_add_vlan_flow() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/97cb5c82aa1dd85a39b1bd021c8b5f18af623779
https://git.kernel.org/stable/c/aeb7c75cb77478fdbf821628e9c95c4baa9adc63
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Use-after-free
EUVDB-ID: #VU92301
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47596
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hclgevf_send_mbx_msg() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542
https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0
https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Use of uninitialized resource
EUVDB-ID: #VU92934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47597
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7b5596e531253ce84213d9daa7120b71c9d83198
https://git.kernel.org/stable/c/3a4f6dba1eb98101abc012ef968a8b10dac1ce50
https://git.kernel.org/stable/c/e5d28205bf1de7082d904ed277ceb2db2879e302
https://git.kernel.org/stable/c/71ddeac8cd1d217744a0e060ff520e147c9328d1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Use-after-free
EUVDB-ID: #VU92302
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cake_init() function in net/sched/sch_cake.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4e388232e630ebe4f94b4a0715ec98c0e2b314a3
https://git.kernel.org/stable/c/0d80462fbdcafd536dcad7569e65d3d14a7e9f2f
https://git.kernel.org/stable/c/20ad1ef02f9ad5e1dda9eeb113e4c158b4806986
https://git.kernel.org/stable/c/f6deae2e2d83bd267e1986f5d71d8c458e18fd99
https://git.kernel.org/stable/c/ab443c53916730862cec202078d36fd4008bea79
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Use-after-free
EUVDB-ID: #VU92303
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6
https://git.kernel.org/stable/c/66ea642af6fd4eacb5d0271a922130fcf8700424
https://git.kernel.org/stable/c/b03abd0aa09c05099f537cb05b8460c4298f0861
https://git.kernel.org/stable/c/293f957be5e39720778fb1851ced7f5fba6d51c3
https://git.kernel.org/stable/c/501ecd90efdc9b2edc6c28852ecd098a4adf8f00
https://git.kernel.org/stable/c/0e21e6cd5eebfc929ac5fa3b97ca2d4ace3cb6a3
https://git.kernel.org/stable/c/607beb420b3fe23b948a9bf447d993521a02fbbb
https://git.kernel.org/stable/c/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU92337
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47601
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the copy_ta_binary() function in drivers/tee/amdtee/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/640e28d618e82be78fb43b4bf5113bc90d6aa442
https://git.kernel.org/stable/c/832f3655c6138c23576ed268e31cc76e0f05f2b1
https://git.kernel.org/stable/c/9d7482771fac8d8e38e763263f2ca0ca12dd22c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Use of uninitialized resource
EUVDB-ID: #VU92372
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682
https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b
https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f
https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9
https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Improper locking
EUVDB-ID: #VU92355
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47603
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kauditd_send_queue() and audit_net_init() functions in kernel/audit.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/75fdb751f84727d614deea0571a1490c3225d83a
https://git.kernel.org/stable/c/8389f50ceb854cb437fefb9330d5024ed3c7c1f5
https://git.kernel.org/stable/c/0d3277eabd542fb662be23696e5ec9f390d688e1
https://git.kernel.org/stable/c/4cc6badff97f74d0fce65f9784b5df3b64e4250b
https://git.kernel.org/stable/c/a5f4d17daf2e6cd7c1d9676b476147f6b4ac53f2
https://git.kernel.org/stable/c/f4b3ee3c85551d2d343a3ba159304066523f730f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Memory leak
EUVDB-ID: #VU92291
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47607
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f87a6c160ecc8c7b417d25f508d3f076fe346136
https://git.kernel.org/stable/c/a82fe085f344ef20b452cd5f481010ff96b5c4cd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Memory leak
EUVDB-ID: #VU92292
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47608
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/423628125a484538111c2c6d9bb1588eb086053b
https://git.kernel.org/stable/c/7d3baf0afa3aa9102d6a521a8e4c41888bb79882
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Buffer overflow
EUVDB-ID: #VU93303
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47609
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538
https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672
https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb
https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719
https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d
https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e
https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Memory leak
EUVDB-ID: #VU92882
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48730
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dma_heap_ioctl() function in drivers/dma-buf/dma-heap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a
https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e
https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed
https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Improper locking
EUVDB-ID: #VU92922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48734
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_quota_disable() and qgroup_rescan_init() functions in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/26b3901d20bf9da2c6a00cb1fb48932166f80a45
https://git.kernel.org/stable/c/32747e01436aac8ef93fe85b5b523b4f3b52f040
https://git.kernel.org/stable/c/89d4cca583fc9594ee7d1a0bc986886d6fb587e6
https://git.kernel.org/stable/c/31198e58c09e21d4f65c49d2361f76b87aca4c3f
https://git.kernel.org/stable/c/e804861bd4e69cc5fe1053eedcb024982dde8e48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Out-of-bounds read
EUVDB-ID: #VU94433
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48807
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ice_lag_unlink() and ice_lag_event_handler() functions in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469
https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46
https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Use-after-free
EUVDB-ID: #VU94420
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpi_ssp_completion() and mpi_sata_completion() functions in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184
https://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2
https://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171
https://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Improper error handling
EUVDB-ID: #VU94459
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48777
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the parse_qcomsmem_part() function in drivers/mtd/parsers/qcomsmempart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/eb03cb6e03ffd9173e18e5fe87e4e3ce83820453
https://git.kernel.org/stable/c/a2995fe23095ceda2dc382fbe057f5e164595548
https://git.kernel.org/stable/c/65d003cca335cabc0160d3cd7daa689eaa9dd3cd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Memory leak
EUVDB-ID: #VU94407
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48778
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gpmi_nfc_exec_op() and pm_runtime_mark_last_busy() functions in drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4cd3281a910a5adf73b2a0a82241dd67844d0b25
https://git.kernel.org/stable/c/a4eeeaca50199e3f19eb13ac3b7e0bbb93e22de4
https://git.kernel.org/stable/c/4a7ec50298b1127c5024a750c969ea0794899545
https://git.kernel.org/stable/c/58d3111eafce9e4398654b07f0b1dac27f26ee5b
https://git.kernel.org/stable/c/9161f365c91614e5a3f5c6dcc44c3b1b33bc59c0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Infinite loop
EUVDB-ID: #VU94470
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48780
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the smc_fback_error_report() and smc_switch_to_fallback() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6
https://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842
https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Use-after-free
EUVDB-ID: #VU94426
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48783
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gswip_remove() function in drivers/net/dsa/lantiq_gswip.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f48bd34137718042872d06f2c7332b3267a29165
https://git.kernel.org/stable/c/df2495f329b08ac0d0d3e6334a01955ae839005e
https://git.kernel.org/stable/c/c61f599b8d33adfa256126a6695c734c0de331cb
https://git.kernel.org/stable/c/8c6ae46150a453f8ae9a6cd49b45f354f478587d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Improper locking
EUVDB-ID: #VU94449
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48784
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_event_work() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb
https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2
https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Improper locking
EUVDB-ID: #VU94455
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48786
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc
https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608
https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549
https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7
https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44
https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94
https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8
https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Use-after-free
EUVDB-ID: #VU94425
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48787
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_req_fw_callback() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d
https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb
https://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957
https://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063
https://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515
https://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d
https://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Use-after-free
EUVDB-ID: #VU94424
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9
https://git.kernel.org/stable/c/d411b2a5da68b8a130c23097014434ac140a2ace
https://git.kernel.org/stable/c/324f5bdc52ecb6a6dadb31a62823ef8c709d1439
https://git.kernel.org/stable/c/646952b2210f19e584d2bf9eb5d092abdca2fcc1
https://git.kernel.org/stable/c/ea86027ac467a055849c4945906f799e7f65ab99
https://git.kernel.org/stable/c/b6bb1722f34bbdbabed27acdceaf585d300c5fd2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Use-after-free
EUVDB-ID: #VU94423
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/61a26ffd5ad3ece456d74c4c79f7b5e3f440a141
https://git.kernel.org/stable/c/e192184cf8bce8dd55d619f5611a2eaba996fa05
https://git.kernel.org/stable/c/5e42fca37ccc76f39f73732661bd47254cad5982
https://git.kernel.org/stable/c/bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4
https://git.kernel.org/stable/c/ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Use-after-free
EUVDB-ID: #VU94422
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a25e460fbb0340488d119fb2e28fe3f829b7417e
https://git.kernel.org/stable/c/70356b756a58704e5c8818cb09da5854af87e765
https://git.kernel.org/stable/c/0ead57ceb21bbf15963b4874c2ac67143455382f
https://git.kernel.org/stable/c/e043fb5a0336ee74614e26f0d9f36f1f5bb6d606
https://git.kernel.org/stable/c/9e956a2596ae276124ef0d96829c013dd0faf861
https://git.kernel.org/stable/c/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Use-after-free
EUVDB-ID: #VU94421
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819
https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366
https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61
https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) NULL pointer dereference
EUVDB-ID: #VU94441
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48793
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svm_set_nested_state() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6
https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe
https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Memory leak
EUVDB-ID: #VU94408
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/417947891bd5ae327f15efed1a0da2b12ef24962
https://git.kernel.org/stable/c/fe595759c2a4a5bb41c438474f15947d8ae32f5c
https://git.kernel.org/stable/c/91d8866ca55232d21995a3d54fac96de33c9e20c
https://git.kernel.org/stable/c/c377e2ba78d3fe9a1f0b4ec424e75f81da7e81e9
https://git.kernel.org/stable/c/92e25b637cd4e010f776c86e4810300e773eac5c
https://git.kernel.org/stable/c/8bc69f86328e87a0ffa79438430cc82f3aa6a194
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Memory leak
EUVDB-ID: #VU94406
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d2a1eaf51b7d4412319adb6acef114ba472d1692
https://git.kernel.org/stable/c/af649e5c95f56df64363bc46f6746b87819f9c0d
https://git.kernel.org/stable/c/6312f6a53fd3ea38125dcaca5e3c9aa7d8a60cf7
https://git.kernel.org/stable/c/455ef08d6e5473526fa6763f75a93f7198206966
https://git.kernel.org/stable/c/0fd484644c68897c490a3307bfcc8bf767df5a43
https://git.kernel.org/stable/c/23b2a25382400168427ea278f3d8bf4ecfd333bf
https://git.kernel.org/stable/c/1c72f04d52b7200bb83426a9bed378668271ea4a
https://git.kernel.org/stable/c/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Use-after-free
EUVDB-ID: #VU94419
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dev_iommu_get() function in drivers/iommu/iommu.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/cb86e511e78e796de6947b8f3acca1b7c76fb2ff
https://git.kernel.org/stable/c/65ab30f6a6952fa9ee13009862736cf8d110e6e5
https://git.kernel.org/stable/c/f74fc4b5bd533ea3d30ce47cccb8ef8d21fda85a
https://git.kernel.org/stable/c/b54240ad494300ff0994c4539a531727874381f4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Buffer overflow
EUVDB-ID: #VU94477
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48797
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the change_pte_range() function in mm/mprotect.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/254090925e16abd914c87b4ad1b489440d89c4c3
https://git.kernel.org/stable/c/b3dc4b9d3ca68b370c4aeab5355007eedf948849
https://git.kernel.org/stable/c/d187eeb02d18446e5e54ed6bcbf8b47e6551daea
https://git.kernel.org/stable/c/80d47f5de5e311cbc0d01ebb6ee684e8f4c196c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Input validation error
EUVDB-ID: #VU94490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48798
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_subchannel_chp_event() function in drivers/s390/cio/device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab
https://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd
https://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Buffer overflow
EUVDB-ID: #VU94478
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() and perf_cgroup_switch() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186
https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727
https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45
https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8
https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a
https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81
https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Improper locking
EUVDB-ID: #VU94454
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48800
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reclaim_throttle() function in mm/vmscan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3980cff6349687f73d5109f156f23cb261c24164
https://git.kernel.org/stable/c/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Use-after-free
EUVDB-ID: #VU94416
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iio_device_buffer_getfd() function in drivers/iio/industrialio-buffer.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b7f54894aa7517d2b6c797a499b9f491e9db9083
https://git.kernel.org/stable/c/202071d2518537866d291aa7cf26af54e674f4d4
https://git.kernel.org/stable/c/c72ea20503610a4a7ba26c769357d31602769c01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Improper error handling
EUVDB-ID: #VU94460
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48802
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smaps_page_accumulate(), smaps_account(), smaps_pte_entry(), smaps_pmd_entry(), pte_to_pagemap_entry() and pagemap_pmd_range() functions in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/db3f3636e4aed2cba3e4e7897a053323f7a62249
https://git.kernel.org/stable/c/a8dd0cfa37792863b6c4bf9542975212a6715d49
https://git.kernel.org/stable/c/05d3f8045efa59457b323caf00bdb9273b7962fa
https://git.kernel.org/stable/c/24d7275ce2791829953ed4e72f68277ceb2571c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Out-of-bounds read
EUVDB-ID: #VU94430
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48803
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/phy/ti/phy-j721e-wiz.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f
https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54
https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed
https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Out-of-bounds read
EUVDB-ID: #VU94431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Out-of-bounds read
EUVDB-ID: #VU94432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382
https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740
https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930
https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d
https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d
https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb
https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274
https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Buffer overflow
EUVDB-ID: #VU94467
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48806
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ee1004_eeprom_read() function in drivers/misc/eeprom/ee1004.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49
https://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345
https://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c
https://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce
https://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Memory leak
EUVDB-ID: #VU94491
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48776
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_qcomsmem_cleanup() function in drivers/mtd/parsers/qcomsmempart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345
https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24
https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Memory leak
EUVDB-ID: #VU94409
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48774
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pt_core_init() function in drivers/dma/ptdma/ptdma-dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3e41445287afa3cf6d572778e5aab31d25e60a8d
https://git.kernel.org/stable/c/d7de1e4820c5a42441ff7276174c8c0e63575c1b
https://git.kernel.org/stable/c/3c62fd3406e0b2277c76a6984d3979c7f3f1d129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Use-after-free
EUVDB-ID: #VU92896
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_hda_gen_spec_free() and create_mute_led_cdev() functions in sound/pci/hda/hda_generic.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a7de1002135cf94367748ffc695a29812d7633b5
https://git.kernel.org/stable/c/0e629052f013eeb61494d4df2f1f647c2a9aef47
https://git.kernel.org/stable/c/813e9f3e06d22e29872d4fd51b54992d89cf66c8
https://git.kernel.org/stable/c/549f8ffc7b2f7561bea7f90930b6c5104318e87b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) NULL pointer dereference
EUVDB-ID: #VU92914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48751
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Out-of-bounds read
EUVDB-ID: #VU92901
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48736
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/17e16a66b4f9a310713d8599e6e1ca4a0c9fd28c
https://git.kernel.org/stable/c/54abca038e287d3746dd40016514670a7f654c5c
https://git.kernel.org/stable/c/7659f25a80e6affb784b690df8994b79b4212fd4
https://git.kernel.org/stable/c/fd9a23319f16e7031f0d8c98eed6e093c2927229
https://git.kernel.org/stable/c/6877f87579ed830f9ff6d478539074f035d04bfb
https://git.kernel.org/stable/c/b0a7836ecf1345814a7d8ef748fb797c520dad18
https://git.kernel.org/stable/c/e09cf398e8c6db69c620b6d8073abc4377a07af5
https://git.kernel.org/stable/c/4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Out-of-bounds read
EUVDB-ID: #VU92902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48737
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0
https://git.kernel.org/stable/c/4977491e4b3aad8567f57e2a9992d251410c1db3
https://git.kernel.org/stable/c/9a12fcbf3c622f9bf6b110a873d62b0cba93972e
https://git.kernel.org/stable/c/c33402b056de61104b6146dedbe138ca8d7ec62b
https://git.kernel.org/stable/c/038f8b7caa74d29e020949a43ca368c93f6b29b9
https://git.kernel.org/stable/c/e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13
https://git.kernel.org/stable/c/ef6cd9eeb38062a145802b7b56be7ae1090e165e
https://git.kernel.org/stable/c/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Out-of-bounds read
EUVDB-ID: #VU92903
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48738
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d
https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7
https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf
https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7
https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a
https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830
https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d
https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Out-of-bounds read
EUVDB-ID: #VU92904
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48739
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/uapi/sound/asound.h, sound/soc/codecs/hdmi-codec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/10007bd96b6c4c3cfaea9e76c311b06a07a5e260
https://git.kernel.org/stable/c/1552e66be325a21d7eff49f46013fb402165a0ac
https://git.kernel.org/stable/c/06feec6005c9d9500cd286ec440aabf8b2ddd94d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) NULL pointer dereference
EUVDB-ID: #VU92909
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cond_list_destroy() and cond_read_list() functions in security/selinux/ss/conditional.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/f446089a268c8fc6908488e991d28a9b936293db
https://git.kernel.org/stable/c/70caa32e6d81f45f0702070c0e4dfe945e92fbd7
https://git.kernel.org/stable/c/7ed9cbf7ac0d4ed86b356e1b944304ae9ee450d4
https://git.kernel.org/stable/c/186edf7e368c40d06cf727a1ad14698ea67b74ad
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Integer underflow
EUVDB-ID: #VU92928
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/9924c80bd484340191e586110ca22bff23a49f2e
https://git.kernel.org/stable/c/617f9934bb37993b9813832516f318ba874bcb7d
https://git.kernel.org/stable/c/34aeb4da20f93ac80a6291a2dbe7b9c6460e9b26
https://git.kernel.org/stable/c/9892742f035f7aa7dcd2bb0750effa486db89576
https://git.kernel.org/stable/c/4d3fcfe8464838b3920bc2b939d888e0b792934e
https://git.kernel.org/stable/c/db6fd92316a254be2097556f01bccecf560e53ce
https://git.kernel.org/stable/c/e8f73f620fee5f52653ed2da360121e4446575c5
https://git.kernel.org/stable/c/5aac9108a180fc06e28d4e7fb00247ce603b72ee
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Buffer overflow
EUVDB-ID: #VU92950
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8fbdf8c8b8ab82beab882175157650452c46493e
https://git.kernel.org/stable/c/ad5185735f7dab342fdd0dd41044da4c9ccfef67
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Race condition
EUVDB-ID: #VU92930
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48745
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the mlx5_stop_sync_reset_poll() function in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e
https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c
https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2
https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) NULL pointer dereference
EUVDB-ID: #VU92911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48746
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_rep_bond_unslave(), mlx5e_rep_changelowerstate_event(), mlx5e_rep_changeupper_event() and mlx5e_rep_esw_bond_netevent() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4
https://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3
https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb
https://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Use of uninitialized resource
EUVDB-ID: #VU92932
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48747
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bio_truncate() function in block/bio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae
https://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b
https://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8
https://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82
https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) NULL pointer dereference
EUVDB-ID: #VU92912
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_setup_dspp_pcc() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c
https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298
https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476
https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Resource management error
EUVDB-ID: #VU92959
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48752
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the power_pmu_disable() function in arch/powerpc/perf/core-book3s.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/55402a4618721f350a9ab660bb42717d8aa18e7c
https://git.kernel.org/stable/c/28aaed966e76807a71de79dd40a8eee9042374dd
https://git.kernel.org/stable/c/fa4ad064a6bd49208221df5e62adf27b426d1720
https://git.kernel.org/stable/c/fb6433b48a178d4672cb26632454ee0b21056eaa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) NULL pointer dereference
EUVDB-ID: #VU94439
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48773
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rpcrdma_ep_create() function in net/sunrpc/xprtrdma/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0
https://git.kernel.org/stable/c/9921c866dc369577c3ebb9adf2383b01b58c18de
https://git.kernel.org/stable/c/2526d4d8b209dc5ac1fbeb468149774888b2a141
https://git.kernel.org/stable/c/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Use-after-free
EUVDB-ID: #VU92898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/67d271760b037ce0806d687ee6057edc8afd4205
https://git.kernel.org/stable/c/f39027cbada43b33566c312e6be3db654ca3ad17
https://git.kernel.org/stable/c/bd024e36f68174b1793906c39ca16cee0c9295c2
https://git.kernel.org/stable/c/aefaccd19379d6c4620269a162bfb88ff687f289
https://git.kernel.org/stable/c/cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852af
https://git.kernel.org/stable/c/cbda1b16687580d5beee38273f6241ae3725960c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) NULL pointer dereference
EUVDB-ID: #VU92915
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/6d9f8ba28f3747ca0f910a363e46f1114856dbbe
https://git.kernel.org/stable/c/ca63eeb70fcb53c42e1fe54e1735a54d8e7759fd
https://git.kernel.org/stable/c/581317b1f001b7509041544d7019b75571daa100
https://git.kernel.org/stable/c/79c0b5287ded74f4eacde4dfd8aa0a76cbd853b5
https://git.kernel.org/stable/c/56480fb10b976581a363fd168dc2e4fbee87a1a7
https://git.kernel.org/stable/c/2b7e7df1eacd280e561ede3e977853606871c951
https://git.kernel.org/stable/c/5e761a2287234bc402ba7ef07129f5103bcd775c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Resource management error
EUVDB-ID: #VU92960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2a12fe8248a38437b95b942bbe85aced72e6e2eb
https://git.kernel.org/stable/c/262550f29c750f7876b6ed1244281e72b64ebffb
https://git.kernel.org/stable/c/c93a290c862ccfa404e42d7420565730d67cbff9
https://git.kernel.org/stable/c/de6336b17a1376db1c0f7a528cce8783db0881c0
https://git.kernel.org/stable/c/bf2bd892a0cb14dd2d21f2c658f4b747813be311
https://git.kernel.org/stable/c/00849de10f798a9538242824a51b1756e7110754
https://git.kernel.org/stable/c/b11e34f7bab21df36f02a5e54fb69e858c09a65d
https://git.kernel.org/stable/c/ace7b6ef41251c5fe47f629a9a922382fb7b0a6b
https://git.kernel.org/stable/c/847f9ea4c5186fdb7b84297e3eeed9e340e83fce
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Race condition
EUVDB-ID: #VU92931
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48759
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Buffer overflow
EUVDB-ID: #VU92976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48760
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427
https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0
https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3
https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b
https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6
https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193
https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26
https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0
https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Resource management error
EUVDB-ID: #VU92979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48761
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xhci_plat_suspend() function in drivers/usb/host/xhci-plat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/20c51a4c52208f98e27308c456a1951778f41fa5
https://git.kernel.org/stable/c/d5755832a1e47f5d8773f0776e211ecd4e02da72
https://git.kernel.org/stable/c/8b05ad29acb972850ad795fa850e814b2e758b83
https://git.kernel.org/stable/c/9df478463d9feb90dae24f183383961cf123a0ec
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Memory leak
EUVDB-ID: #VU92887
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48763
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_vcpu_ioctl_x86_set_vcpu_events() function in arch/x86/kvm/x86.c, within the nested_vmx_hardware_setup() function in arch/x86/kvm/vmx/nested.c, within the svm_set_efer() function in arch/x86/kvm/svm/svm.c, within the svm_free_nested() and svm_set_nested_state() functions in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f
https://git.kernel.org/stable/c/e302786233e6bc512986d007c96458ccf5ca21c7
https://git.kernel.org/stable/c/b4c0d89c92e957ecccce12e66b63875d0cc7af7e
https://git.kernel.org/stable/c/f7e570780efc5cec9b2ed1e0472a7da14e864fdb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Resource management error
EUVDB-ID: #VU93276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48765
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/54b3439c8e70e0bcfea59aeef9dd98908cbbf655
https://git.kernel.org/stable/c/ce55f63f6cea4cab8ae9212f73285648a5baa30d
https://git.kernel.org/stable/c/35fe7cfbab2e81f1afb23fc4212210b1de6d9633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Memory leak
EUVDB-ID: #VU92889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48767
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the restore_deleg_ino() function in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e7be12ca7d3947765b0d7c1c7e0537e748da993a
https://git.kernel.org/stable/c/36d433ae3242aa714176378850e6d1a5a3e78f18
https://git.kernel.org/stable/c/a0c22e970cd78b81c94691e6cb09713e8074d580
https://git.kernel.org/stable/c/932a9b5870d38b87ba0a9923c804b1af7d3605b9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Memory leak
EUVDB-ID: #VU92890
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48768
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the trace_action_create() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8
https://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7
https://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175
https://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf
https://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Buffer overflow
EUVDB-ID: #VU93248
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48769
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/b0f1cc093bc2493ac259c53766fd2b800e085807
https://git.kernel.org/stable/c/3df52448978802ae15dcebf66beba1029df957b4
https://git.kernel.org/stable/c/a4085859411c825c321c9b55b8a9dc5a128a6684
https://git.kernel.org/stable/c/f5390cd0b43c2e54c7cf5506c7da4a37c5cef746
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Use-after-free
EUVDB-ID: #VU92899
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48771
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3- cpe:2.3:a:dell:dell_emc_storage_monitoring_and_reporting_smr:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516
https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d
https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82
https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414
https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c
https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565
https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
