Risk | Low |
Patch available | YES |
Number of vulnerabilities | 20 |
CVE-ID | CVE-2024-41932 CVE-2024-53687 CVE-2024-55916 CVE-2024-56657 CVE-2024-56716 CVE-2024-56719 CVE-2024-56765 CVE-2024-56770 CVE-2024-57798 CVE-2024-57907 CVE-2024-57935 CVE-2024-57977 CVE-2024-58010 CVE-2025-21634 CVE-2025-21650 CVE-2025-21651 CVE-2025-21731 CVE-2025-21733 CVE-2025-21802 CVE-2025-21815 |
CWE-ID | CWE-399 CWE-476 CWE-682 CWE-416 CWE-401 CWE-20 CWE-667 CWE-190 CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
EUVDB-ID: #VU102983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41932
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __sched_setaffinity() function in kernel/sched/syscalls.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102975
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53687
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/riscv/include/asm/kfence.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55916
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the util_probe() function in drivers/hv/hv_util.c, within the hv_vss_init() function in drivers/hv/hv_snapshot.c, within the hv_kvp_init() function in drivers/hv/hv_kvp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56657
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the snd_ctl_led_sysfs_add() function in sound/core/control_led.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56716
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nsim_dev_health_break_write() function in drivers/net/netdevsim/health.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102009
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56719
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102396
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56765
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vas_mmap_fault() function in arch/powerpc/platforms/book3s/vas-api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56770
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102915
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103003
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57907
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rockchip_saradc_trigger_handler() function in drivers/iio/adc/rockchip_saradc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103143
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57935
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the put_dip_ctx_idx() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU105026
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57977
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dump_tasks() function in mm/oom_kill.c, within the mem_cgroup_scan_tasks() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU105047
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58010
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the load_flat_file() function in fs/binfmt_flat.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103035
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cpuset_write_resmask() function in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103015
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21650
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hclgevf_get_regs_len() and hclgevf_get_regs() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_regs.c, within the hclge_fetch_pf_reg() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21651
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hclge_misc_irq_init(), hclge_init_ae_dev() and hclge_uninit_ae_dev() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104969
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21731
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU105074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21733
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the trace_sched_migrate_callback() and register_migration_monitor() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU105162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21802
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU105137
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21815
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isolate_freepages_block() function in mm/compaction.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-80.0.0.74
python3-perf: before 6.6.0-80.0.0.74
perf-debuginfo: before 6.6.0-80.0.0.74
perf: before 6.6.0-80.0.0.74
kernel-tools-devel: before 6.6.0-80.0.0.74
kernel-tools-debuginfo: before 6.6.0-80.0.0.74
kernel-tools: before 6.6.0-80.0.0.74
kernel-source: before 6.6.0-80.0.0.74
kernel-headers: before 6.6.0-80.0.0.74
kernel-devel: before 6.6.0-80.0.0.74
kernel-debugsource: before 6.6.0-80.0.0.74
kernel-debuginfo: before 6.6.0-80.0.0.74
bpftool-debuginfo: before 6.6.0-80.0.0.74
bpftool: before 6.6.0-80.0.0.74
kernel: before 6.6.0-80.0.0.74
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.