Risk | High |
Patch available | YES |
Number of vulnerabilities | 53 |
CVE-ID | CVE-2022-3114 CVE-2022-3424 CVE-2022-38096 CVE-2022-3903 CVE-2022-45887 CVE-2023-0160 CVE-2023-0615 CVE-2023-1206 CVE-2023-20569 CVE-2023-20588 CVE-2023-20593 CVE-2023-28464 CVE-2023-2860 CVE-2023-3006 CVE-2023-31083 CVE-2023-31085 CVE-2023-3358 CVE-2023-3567 CVE-2023-3772 CVE-2023-3863 CVE-2023-39192 CVE-2023-4015 CVE-2023-4132 CVE-2023-4155 CVE-2023-42753 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-45871 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 CVE-2023-51042 CVE-2023-51779 CVE-2023-5178 CVE-2023-52438 CVE-2023-52445 CVE-2023-5717 CVE-2023-6176 CVE-2023-6546 CVE-2023-6817 CVE-2023-6915 CVE-2023-6931 CVE-2023-6932 CVE-2024-0565 CVE-2024-0646 CVE-2024-1086 CVE-2024-22099 CVE-2024-23307 CVE-2024-24855 CVE-2024-24860 CVE-2024-26589 CVE-2024-26597 |
CWE-ID | CWE-476 CWE-416 CWE-399 CWE-362 CWE-667 CWE-369 CWE-400 CWE-200 CWE-415 CWE-125 CWE-1037 CWE-119 CWE-787 CWE-191 CWE-190 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #35 is available. Vulnerability #47 is being exploited in the wild. |
Vulnerable software |
Anolis OS Operating systems & Components / Operating system kernel-modules-internal Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-libs-devel Operating systems & Components / Operating system package or component kernel-tools-libs Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-modules-extra Operating systems & Components / Operating system package or component kernel-modules Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debug-modules-extra Operating systems & Components / Operating system package or component kernel-debug-modules Operating systems & Components / Operating system package or component kernel-debug-devel Operating systems & Components / Operating system package or component kernel-debug-core Operating systems & Components / Operating system package or component kernel-debug Operating systems & Components / Operating system package or component kernel-core Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component |
Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 53 vulnerabilities.
EUVDB-ID: #VU70498
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3114
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the imx_register_uart_clocks() function in drivers/clk/imx/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69759
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3424
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gru_set_context_option(), gru_fault() and gru_handle_user_call_os() functions in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73764
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-38096
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70465
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3903
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect read request flaw in the Infrared Transceiver USB driver in Linux kernel. An attacker with physical access to the system can starve system resources and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75338
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-45887
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0160
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92736
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0615
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
A memory leak flaw and potential divide by 0 and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77953
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1206
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79263
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20569
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79239
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20588
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78572
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20593
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability was dubbed Zenbleed.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74147
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28464
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78675
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2860
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the SR-IPv6 implementation when processing seg6 attributes. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77247
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3006
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allow a local user to gain access to sensitive information.
The vulnerability exists due to a known cache speculation vulnerability (Spectre-BHB) for the new hw AmpereOne. A local user can gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79496
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31083
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82660
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31085
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78063
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3358
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Integrated Sensor Hub (ISH) driver. A local user and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79491
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3567
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc_screen() function in vcs_read in drivers/tty/vt/vc_screen.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80578
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79479
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3863
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81921
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-39192
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80123
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4015
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79712
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4132
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79488
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4155
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in KVM AMD Secure Encrypted Virtualization (SEV) in Linux kernel. A local user can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81663
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42753
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81452
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42754
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42755
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84354
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-45863
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83381
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-45871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80583
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4622
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81664
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4623
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81693
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4921
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86560
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51042
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_cs_wait_all_fences() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85023
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51779
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error when handling bt_sock_ioctl in the Bluetooth subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-5178
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU87593
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52438
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_alloc_free_page() function in drivers/android/binder_alloc.c. A local user can trigger a race condition and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87745
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83311
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5717
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6176
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85241
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6546
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the GSM 0710 tty multiplexor in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84586
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6817
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85423
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6915
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ida_free() function in lib/idr.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85021
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6931
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84585
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86552
Risk: High
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-0565
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow within the receive_encrypted_standard() function in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. A remote attacker can trick the victim to connect to a malicious SMB server, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86246
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0646
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel’s Transport Layer Security functionality in the way a user calls a function splice with a ktls socket as the destination. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86577
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-1086
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU87192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88102
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87602
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24855
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86580
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24860
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88886
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26589
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the adjust_ptr_min_max_vals() function in kernel/bpf/verifier.c. A local user can crash the OS kernel.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87682
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c when parsing the netlink attributes. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
kernel-modules-internal: before 5.10.134-17
python3-perf: before 5.10.134-17
perf: before 5.10.134-17
kernel-tools-libs-devel: before 5.10.134-17
kernel-tools-libs: before 5.10.134-17
kernel-tools: before 5.10.134-17
kernel-modules-extra: before 5.10.134-17
kernel-modules: before 5.10.134-17
kernel-headers: before 5.10.134-17
kernel-devel: before 5.10.134-17
kernel-debug-modules-extra: before 5.10.134-17
kernel-debug-modules: before 5.10.134-17
kernel-debug-devel: before 5.10.134-17
kernel-debug-core: before 5.10.134-17
kernel-debug: before 5.10.134-17
kernel-core: before 5.10.134-17
kernel: before 5.10.134-17
bpftool: before 5.10.134-17
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2024:0553
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.