Risk | Low |
Patch available | YES |
Number of vulnerabilities | 27 |
CVE-ID | CVE-2021-47631 CVE-2021-47642 CVE-2022-49044 CVE-2022-49055 CVE-2022-49114 CVE-2022-49137 CVE-2022-49253 CVE-2022-49308 CVE-2022-49326 CVE-2022-49341 CVE-2022-49351 CVE-2022-49404 CVE-2022-49433 CVE-2022-49439 CVE-2022-49447 CVE-2022-49526 CVE-2022-49564 CVE-2022-49620 CVE-2022-49648 CVE-2022-49661 CVE-2022-49685 CVE-2023-52572 CVE-2024-54680 CVE-2024-56548 CVE-2024-56606 CVE-2025-21700 CVE-2025-21702 |
CWE-ID | CWE-476 CWE-119 CWE-416 CWE-401 CWE-388 CWE-665 CWE-190 CWE-20 CWE-191 CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
EUVDB-ID: #VU104649
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47631
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the da850_evm_config_emac() function in arch/arm/mach-davinci/board-da850-evm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104808
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47642
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvidia_setup_i2c_bus() function in drivers/video/fbdev/nvidia/nv_i2c.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104801
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49044
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvmalloc_array() function in drivers/md/dm-integrity.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49055
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104469
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49114
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fc_exch_abts_resp() function in drivers/scsi/libfc/fc_exch.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104380
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49137
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_cs_fence_to_handle_ioctl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104234
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49253
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the s2250_probe() and i2c_unregister_device() functions in drivers/media/usb/go7007/s2250-board.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104753
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49308
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the extcon_dev_register() and extcon_dev_unregister() functions in drivers/extcon/extcon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49326
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the rtl8180_tx() function in drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104251
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49341
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bpf_jit_binary_free() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104254
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49351
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the altera_tse_mdio_create() function in drivers/net/ethernet/altera/altera_tse_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104780
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49404
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the set_link_ipg() function in drivers/infiniband/hw/hfi1/init.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104421
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49433
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sdma_clean() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104281
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49439
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fsl_rio_setup() function in arch/powerpc/sysdev/fsl_rio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104283
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49447
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hi3xxx_smp_prepare_cpus() and hip01_boot_secondary() functions in arch/arm/mach-hisi/platsmp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104719
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49526
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the le32_to_cpu() and kunmap_atomic() functions in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104789
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49564
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the qat_dh_compute_value() function in drivers/crypto/qat/qat_common/qat_asym_algs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104317
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49620
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_sk_create() function in net/tipc/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104323
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49648
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_var_defs() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104329
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49661
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gs_can_open() and gs_can_close() functions in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104445
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49685
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iio_sysfs_trigger_remove() function in drivers/iio/trigger/iio-trig-sysfs.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90239
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52572
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102916
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54680
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56548
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56606
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103959
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21700
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104074
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21702
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2503.3.0.0319
python3-perf: before 4.19.90-2503.3.0.0319
python2-perf-debuginfo: before 4.19.90-2503.3.0.0319
python2-perf: before 4.19.90-2503.3.0.0319
perf-debuginfo: before 4.19.90-2503.3.0.0319
perf: before 4.19.90-2503.3.0.0319
kernel-tools-devel: before 4.19.90-2503.3.0.0319
kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319
kernel-tools: before 4.19.90-2503.3.0.0319
kernel-source: before 4.19.90-2503.3.0.0319
kernel-devel: before 4.19.90-2503.3.0.0319
kernel-debugsource: before 4.19.90-2503.3.0.0319
kernel-debuginfo: before 4.19.90-2503.3.0.0319
bpftool-debuginfo: before 4.19.90-2503.3.0.0319
bpftool: before 4.19.90-2503.3.0.0319
kernel: before 4.19.90-2503.3.0.0319
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.