Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 49 |
CVE-ID | CVE-2024-46695 CVE-2024-43882 CVE-2024-43883 CVE-2024-44947 CVE-2022-48911 CVE-2022-48945 CVE-2024-36971 CVE-2024-41087 CVE-2024-44946 CVE-2024-45003 CVE-2024-45021 CVE-2024-46774 CVE-2024-42271 CVE-2024-6345 CVE-2024-31145 CVE-2024-31146 CVE-2024-6923 CVE-2024-7592 CVE-2023-31315 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVE-2024-43861 CVE-2024-42232 CVE-2022-48853 CVE-2024-5535 CVE-2023-50782 CVE-2024-7348 CVE-2022-0854 CVE-2022-20368 CVE-2022-48686 CVE-2022-48791 CVE-2022-48802 CVE-2022-48805 CVE-2022-48839 CVE-2022-48872 CVE-2024-42077 CVE-2022-48873 CVE-2022-48901 CVE-2022-48912 CVE-2022-48919 CVE-2022-48925 CVE-2023-52854 CVE-2024-26583 CVE-2024-26584 CVE-2024-26800 CVE-2024-41011 CVE-2024-41062 |
CWE-ID | CWE-667 CWE-20 CWE-401 CWE-416 CWE-119 CWE-415 CWE-665 CWE-94 CWE-388 CWE-399 CWE-77 CWE-400 CWE-264 CWE-125 CWE-203 CWE-367 CWE-362 CWE-476 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #4 is available. Vulnerability #7 is being exploited in the wild. Public exploit code for vulnerability #9 is available. |
Vulnerable software | EMC Cloud Tiering Appliance (Other software / Other software solutions) |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 49 vulnerabilities.
EUVDB-ID: #VU97268
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46695
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57
http://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96
http://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96295
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f
http://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada
http://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759
http://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64
http://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1
http://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e
http://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e
http://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96493
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89
http://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80
http://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174
http://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2
http://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14
http://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37
http://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54
http://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4
http://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6
http://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5
http://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU96410
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48911
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_queue_entry_dup() function in net/netfilter/nfnetlink_queue.c, within the nf_queue_entry_release_refs(), nf_queue_entry_get_refs() and __nf_queue() functions in net/netfilter/nf_queue.c. A local user can escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95
http://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5
http://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3
http://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff
http://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a
http://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43
http://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee
http://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97681
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48945
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/8c0ee15d9a102c732d0745566d254040085d5663
http://git.kernel.org/stable/c/5edc3604151919da8da0fb092b71d7dce07d848a
http://git.kernel.org/stable/c/9c7fba9503b826f0c061d136f8f0c9f953ed18b9
http://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6
http://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f
http://git.kernel.org/stable/c/ab54081a2843aefb837812fac5488cc8f1696142
http://git.kernel.org/stable/c/ccb5392c4fea0e7d9f7ab35567e839d74cb3998b
http://git.kernel.org/stable/c/2f558c5208b0f70c8140e08ce09fcc84da48e789
http://git.kernel.org/stable/c/94a7ad9283464b75b12516c5512541d467cefcf8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91597
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2024-36971
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU95008
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2
http://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f
http://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe
http://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047
http://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5
http://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3
http://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76
http://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849
http://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da
http://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23
http://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU96843
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72
http://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8
http://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88
http://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98
http://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32
http://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f
http://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97184
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
http://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8
http://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b
http://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227
http://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7
http://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c
http://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61
http://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97563
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46774
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8
http://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96105
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876
http://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84
http://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d
http://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95339
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URLs in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
http://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96006
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31145
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description:
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper error handling in x86 IOMMU identity mapping. A malicious guest can access memory regions related to other guests or the hypervisor.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://xenbits.xen.org/xsa/advisory-460.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96007
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31146
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper management of shared resources when using PCI pass-through. A malicious guest can escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://xenbits.xen.org/xsa/advisory-461.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95571
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6923
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of newlines for email headers when serializing an email message. A remote attacker can inject arbitrary headers into serialized email messages.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://github.com/python/cpython/pull/122233
http://github.com/python/cpython/issues/121650
http://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96945
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7592
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources within the 'http.cookies' standard library module when parsing cookies that contain backslashes for quoted characters in the cookie value. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://github.com/python/cpython/pull/123075
http://github.com/python/cpython/issues/123067
http://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/
http://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621
http://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1
http://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06
http://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a
http://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f
http://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96619
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31315
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper validation in a model specific register (MSR). A malicious application with ring0 access can modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98647
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21208
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98645
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21210
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98648
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21217
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98644
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21235
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96290
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: EMC Cloud Tiering Appliance: before 13.2.0.2.32
External links:
http://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662
http://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4
http://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5
http://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f
http://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446
http://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384
http://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882
http://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95503
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf
http://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea
http://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c
http://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7
http://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a
http://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d
http://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e
http://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94397
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within Documentation/DMA-attributes.txt, include/linux/dma-mapping.h and lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753
http://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534
http://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192
http://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026
http://git.kernel.org/stable/c/d4d975e7921079f877f828099bb8260af335508f
http://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63
http://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e
http://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93424
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://www.openssl.org/news/secadv/20240627.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88199
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50782
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://access.redhat.com/security/cve/CVE-2023-50782
http://bugzilla.redhat.com/show_bug.cgi?id=2254432
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95605
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-7348
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to a race condition when executing concurrent pg_dump sessions. A remote user with privileges to create and drop non-temporary objects can execute arbitrary SQL commands with the privileges of the role running pg_dump (which is often a superuser).
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://www.postgresql.org/support/security/CVE-2024-7348/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63427
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67473
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://source.android.com/security/bulletin/pixel/2022-08-01
http://android.googlesource.com/kernel/common/+/a0046956bf6fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90175
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3
http://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff
http://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5
http://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886
http://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94421
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819
http://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366
http://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61
http://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94460
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48802
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smaps_page_accumulate(), smaps_account(), smaps_pte_entry(), smaps_pmd_entry(), pte_to_pagemap_entry() and pagemap_pmd_range() functions in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/db3f3636e4aed2cba3e4e7897a053323f7a62249
http://git.kernel.org/stable/c/a8dd0cfa37792863b6c4bf9542975212a6715d49
http://git.kernel.org/stable/c/05d3f8045efa59457b323caf00bdb9273b7962fa
http://git.kernel.org/stable/c/24d7275ce2791829953ed4e72f68277ceb2571c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94432
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382
http://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740
http://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930
http://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d
http://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d
http://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb
http://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274
http://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94392
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0
http://git.kernel.org/stable/c/b1e27cda1e3c12b705875bb7e247a97168580e33
http://git.kernel.org/stable/c/a33dd1e6693f80d805155b3f69c18c2f642915da
http://git.kernel.org/stable/c/268dcf1f7b3193bc446ec3d14e08a240e9561e4d
http://git.kernel.org/stable/c/70b7b3c055fd4a464da8da55ff4c1f84269f9b02
http://git.kernel.org/stable/c/a055f5f2841f7522b44a2b1eccb1951b4b03d51a
http://git.kernel.org/stable/c/ef591b35176029fdefea38e8388ffa371e18f4b2
http://git.kernel.org/stable/c/c700525fcc06b05adfea78039de02628af79e07a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96329
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_map_put() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4
http://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39
http://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1
http://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907
http://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95068
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687
http://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a
http://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4
http://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111
http://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6
http://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96330
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48873
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_free_map(), fastrpc_buf_free() and fastrpc_device_release() functions in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/4b5c44e924a571d0ad07054de549624fbc04e4d7
http://git.kernel.org/stable/c/193cd853145b63e670bd73740250983af1475330
http://git.kernel.org/stable/c/1b7b7bb400dd13dcb03fc6e591bb7ca4664bbec8
http://git.kernel.org/stable/c/35ddd482345c43d9eec1f3406c0f20a95ed4054b
http://git.kernel.org/stable/c/5bb96c8f9268e2fdb0e5321cbc358ee5941efc15
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96434
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48901
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/6599d5e8bd758d897fd2ef4dc388ae50278b1f7e
http://git.kernel.org/stable/c/5e70bc827b563caf22e1203428cc3719643de5aa
http://git.kernel.org/stable/c/b4be6aefa73c9a6899ef3ba9c5faaa8a66e333ef
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96411
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48912
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_register_net_hook() function in net/netfilter/core.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/05f7927b25d2635e87267ff6c79db79fb46cf313
http://git.kernel.org/stable/c/bdd8fc1b826e6f23963f5bef3f7431c6188ec954
http://git.kernel.org/stable/c/49c24579cec41e32f13d57b337fd28fb208d4a5b
http://git.kernel.org/stable/c/8b0142c4143c1ca297dcf2c0cdd045d65dae2344
http://git.kernel.org/stable/c/bd61f192a339b1095dfd6d56073a5265934c2979
http://git.kernel.org/stable/c/5a8076e98dde17224dd47283b894a8b1dbe1bc72
http://git.kernel.org/stable/c/56763f12b0f02706576a088e85ef856deacc98a0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96413
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48919
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/da834d6c1147c7519a9e55b510a03b7055104749
http://git.kernel.org/stable/c/147a0e71ccf96df9fc8c2ac500829d8e423ef02c
http://git.kernel.org/stable/c/2fe0e281f7ad0a62259649764228227dd6b2561d
http://git.kernel.org/stable/c/e208668ef7ba23efcbf76a8200cab8deee501c4d
http://git.kernel.org/stable/c/df9db1a2af37f39ad1653c7b9b0d275d72d0bc67
http://git.kernel.org/stable/c/546d60859ecf13380fcabcbeace53a5971493a2b
http://git.kernel.org/stable/c/563431c1f3c8f2230e4a9c445fa23758742bc4f0
http://git.kernel.org/stable/c/3d6cc9898efdfb062efb74dc18cfc700e082f5d5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96414
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_bind_addr() function in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/5b1cef5798b4fd6e4fd5522e7b8a26248beeacaa
http://git.kernel.org/stable/c/00265efbd3e5705038c9492a434fda8cf960c8a2
http://git.kernel.org/stable/c/d350724795c7a48b05bf921d94699fbfecf7da0b
http://git.kernel.org/stable/c/22e9f71072fa605cbf033158db58e0790101928d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90083
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/41aad9d6953984d134fc50f631f24ef476875d4d
http://git.kernel.org/stable/c/0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5
http://git.kernel.org/stable/c/c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275
http://git.kernel.org/stable/c/1e901bcb8af19416b65f5063a4af7996e5a51d7f
http://git.kernel.org/stable/c/1734a79e951914f1db2c65e635012a35db1c674b
http://git.kernel.org/stable/c/7ddc21e317b360c3444de3023bcc83b85fabae2f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87596
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26583
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d
http://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01
http://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a
http://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89001
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3
http://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754
http://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694
http://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90210
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe
http://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1
http://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89
http://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94530
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28
http://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724
http://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5
http://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94977
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
EMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3
External links
http://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf
http://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6
http://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629
http://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.