openEuler 24.03 LTS update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 40 |
| CVE-ID | CVE-2024-40927 CVE-2024-47697 CVE-2024-47713 CVE-2024-47738 CVE-2024-49897 CVE-2024-49923 CVE-2024-49977 CVE-2024-49991 CVE-2024-49997 CVE-2024-50103 CVE-2024-50112 CVE-2024-50116 CVE-2024-50117 CVE-2024-50134 CVE-2024-50159 CVE-2024-50194 CVE-2024-50200 CVE-2024-50210 CVE-2024-50224 CVE-2024-50239 CVE-2024-50249 CVE-2024-50257 CVE-2024-50263 CVE-2024-50267 CVE-2024-50268 CVE-2024-50279 CVE-2024-50287 CVE-2024-50290 CVE-2024-50292 CVE-2024-50301 CVE-2024-50302 CVE-2024-53057 CVE-2024-53068 CVE-2024-53072 CVE-2024-53082 CVE-2024-53104 CVE-2024-53110 CVE-2024-53112 CVE-2024-53125 CVE-2024-53130 |
| CWE-ID | CWE-416 CWE-125 CWE-667 CWE-399 CWE-388 CWE-476 CWE-20 CWE-119 CWE-1037 CWE-617 CWE-369 CWE-191 CWE-401 CWE-787 |
| Exploitation vector | Local |
| Public exploit |
Vulnerability #31 is being exploited in the wild. Vulnerability #36 is being exploited in the wild. |
| Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 40 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU94220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40927
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU98920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47697
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU99032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU99175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47738
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, within the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, within the ieee80211_get_tx_rates() function in net/mac80211/rate.c, within the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper error handling
EUVDB-ID: #VU99072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49897
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU98950
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU99221
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49977
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU98882
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU99193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49997
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU99814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50103
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU99846
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50112
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to speculative execution within the arch/x86/Kconfig. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper error handling
EUVDB-ID: #VU99831
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50116
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU99818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50117
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU99837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU100064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50159
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the scmi_debugfs_common_setup() function in drivers/firmware/arm_scmi/driver.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU100146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50194
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Reachable assertion
EUVDB-ID: #VU100132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50200
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU100129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50210
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU100175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50224
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dspi_setup() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU100178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50239
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_legacy_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU100186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50249
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU100168
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50257
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper error handling
EUVDB-ID: #VU100238
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50263
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dup_mmap() and vma_iter_free() functions in kernel/fork.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU100613
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50267
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU100618
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50268
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU100620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50279
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Division by zero
EUVDB-ID: #VU100639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50287
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Integer underflow
EUVDB-ID: #VU100637
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50290
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU100625
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50292
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU100622
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU100611
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2024-50302
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Note, the vulnerability is being actively exploited in the wild against Android devices.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
32) Use-after-free
EUVDB-ID: #VU100707
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53057
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU100708
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53068
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), __scmi_device_destroy() and __scmi_device_create() functions in drivers/firmware/arm_scmi/bus.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource management error
EUVDB-ID: #VU100739
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53072
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amd_pmc_s2d_init() function in drivers/platform/x86/amd/pmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU100749
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53082
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds write
EUVDB-ID: #VU101102
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53104
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
37) Buffer overflow
EUVDB-ID: #VU101116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53110
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vp_vdpa_probe() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU101107
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53112
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU101233
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53125
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the find_equal_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU101225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_grab_buffer() function in fs/nilfs2/page.c, within the nilfs_mdt_create_block() function in fs/nilfs2/mdt.c, within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, within the nilfs_btnode_create_block() and nilfs_btnode_submit_block() functions in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
