Dell SmartFabric Storage Software update for third-party components
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 711 |
| CVE-ID | CVE-2024-41034 CVE-2024-40947 CVE-2024-41007 CVE-2024-41009 CVE-2024-41012 CVE-2024-41015 CVE-2024-41017 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035 CVE-2024-36938 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41046 CVE-2024-41049 CVE-2024-41055 CVE-2024-41059 CVE-2024-41063 CVE-2024-39487 CVE-2024-36901 CVE-2024-41065 CVE-2024-27065 CVE-2024-27044 CVE-2024-27045 CVE-2024-27046 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27059 CVE-2024-27073 CVE-2024-36484 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27437 CVE-2022-48666 CVE-2024-41064 CVE-2024-41068 CVE-2024-27038 CVE-2024-42236 CVE-2024-42153 CVE-2024-42154 CVE-2024-42157 CVE-2024-42161 CVE-2024-42223 CVE-2024-42224 CVE-2024-42229 CVE-2024-42232 CVE-2024-42244 CVE-2024-42148 CVE-2024-42247 CVE-2021-3669 CVE-2022-48733 CVE-2023-31083 CVE-2023-52889 CVE-2024-27397 CVE-2024-38577 CVE-2024-41011 CVE-2024-42152 CVE-2024-42145 CVE-2024-41070 CVE-2024-42104 CVE-2024-41072 CVE-2024-41077 CVE-2024-41078 CVE-2024-41081 CVE-2024-41090 CVE-2024-41091 CVE-2024-42101 CVE-2024-42102 CVE-2024-42105 CVE-2024-42143 CVE-2024-42106 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42124 CVE-2024-42127 CVE-2024-42131 CVE-2024-42137 CVE-2024-27043 CVE-2024-27030 CVE-2024-41098 CVE-2024-26884 CVE-2024-26872 CVE-2024-26874 CVE-2024-26875 CVE-2024-26877 CVE-2024-26878 CVE-2024-26880 CVE-2024-26882 CVE-2024-26883 CVE-2024-26885 CVE-2024-26863 CVE-2024-26889 CVE-2024-26891 CVE-2024-26894 CVE-2024-26895 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26870 CVE-2024-26862 CVE-2024-26907 CVE-2024-26840 CVE-2024-26814 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26833 CVE-2024-26835 CVE-2024-26839 CVE-2024-26843 CVE-2024-26861 CVE-2024-26845 CVE-2024-26846 CVE-2024-26848 CVE-2024-26851 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857 CVE-2024-26859 CVE-2024-26906 CVE-2024-26910 CVE-2024-27028 CVE-2024-26997 CVE-2024-26974 CVE-2024-26976 CVE-2024-26978 CVE-2024-26981 CVE-2024-26984 CVE-2024-26988 CVE-2024-26993 CVE-2024-26994 CVE-2024-26999 CVE-2024-26970 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27013 CVE-2024-27020 CVE-2024-27024 CVE-2024-27025 CVE-2024-26973 CVE-2024-26969 CVE-2024-26917 CVE-2024-26935 CVE-2024-26920 CVE-2024-26922 CVE-2024-26923 CVE-2024-26924 CVE-2024-26925 CVE-2024-26926 CVE-2024-26931 CVE-2024-26934 CVE-2024-26937 CVE-2024-26966 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960 CVE-2024-26961 CVE-2024-26965 CVE-2024-41042 CVE-2024-42114 CVE-2024-26812 CVE-2024-46763 CVE-2024-46745 CVE-2024-46747 CVE-2024-46750 CVE-2024-46755 CVE-2024-46756 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46771 CVE-2024-46743 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782 CVE-2024-46783 CVE-2024-46791 CVE-2024-46798 CVE-2024-46800 CVE-2024-46744 CVE-2024-46740 CVE-2024-46814 CVE-2024-46714 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46689 CVE-2024-46702 CVE-2024-46707 CVE-2024-46713 CVE-2024-46719 CVE-2024-46739 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46731 CVE-2024-46737 CVE-2024-46738 CVE-2024-46804 CVE-2024-46815 CVE-2024-46674 CVE-2021-36690 CVE-2024-6345 CVE-2024-37891 CVE-2023-45145 CVE-2023-28856 CVE-2023-25155 CVE-2022-36021 CVE-2022-24834 CVE-2024-21626 CVE-2023-7104 CVE-2024-3651 CVE-2022-48303 CVE-2023-39804 CVE-2024-43167 CVE-2024-43168 CVE-2024-28085 CVE-2023-52160 CVE-2024-5290 CVE-2022-40897 CVE-2024-26130 CVE-2024-46817 CVE-2024-21096 CVE-2024-46818 CVE-2024-46819 CVE-2024-46822 CVE-2024-46828 CVE-2024-46829 CVE-2024-46840 CVE-2024-46844 CVE-2023-22084 CVE-2024-5742 CVE-2023-49083 CVE-2024-28182 CVE-2024-0743 CVE-2024-6602 CVE-2024-6609 CVE-2024-6387 CVE-2023-47038 CVE-2023-47039 CVE-2024-39689 CVE-2023-23931 CVE-2024-46675 CVE-2024-46673 CVE-2024-42228 CVE-2024-43830 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-43828 CVE-2024-43829 CVE-2024-43834 CVE-2024-42305 CVE-2024-43835 CVE-2024-43839 CVE-2024-43841 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-42306 CVE-2024-42304 CVE-2024-43860 CVE-2024-42284 CVE-2024-42246 CVE-2024-42259 CVE-2024-42265 CVE-2024-42272 CVE-2024-42276 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42285 CVE-2024-42302 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290 CVE-2024-42292 CVE-2024-42295 CVE-2024-42297 CVE-2024-42301 CVE-2024-43858 CVE-2024-43861 CVE-2024-45028 CVE-2024-44995 CVE-2024-44965 CVE-2024-44968 CVE-2024-44971 CVE-2024-44974 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44954 CVE-2024-44999 CVE-2024-45003 CVE-2024-45006 CVE-2024-45008 CVE-2024-45016 CVE-2024-45018 CVE-2024-45021 CVE-2024-45025 CVE-2024-44960 CVE-2024-44952 CVE-2024-43867 CVE-2024-43892 CVE-2024-43871 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43890 CVE-2024-43893 CVE-2024-44948 CVE-2024-43894 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-26813 CVE-2024-26810 CVE-2023-4408 CVE-2024-38659 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38637 CVE-2024-38661 CVE-2024-38613 CVE-2024-38662 CVE-2024-38780 CVE-2024-39276 CVE-2024-39292 CVE-2024-39301 CVE-2024-39467 CVE-2024-39468 CVE-2024-39469 CVE-2024-38615 CVE-2024-38612 CVE-2024-39475 CVE-2024-38586 CVE-2024-38559 CVE-2024-38560 CVE-2024-38565 CVE-2024-38567 CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583 CVE-2024-38587 CVE-2024-38607 CVE-2024-38589 CVE-2024-38590 CVE-2024-38596 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38601 CVE-2024-38605 CVE-2024-39471 CVE-2024-39476 CVE-2024-38555 CVE-2024-40963 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40968 CVE-2024-40932 CVE-2024-40971 CVE-2024-40974 CVE-2024-40976 CVE-2024-40978 CVE-2024-40980 CVE-2024-40981 CVE-2024-40983 CVE-2024-40984 CVE-2024-40934 CVE-2024-40931 CVE-2024-39480 CVE-2024-39502 CVE-2024-39482 CVE-2024-39484 CVE-2024-39488 CVE-2024-39489 CVE-2024-39493 CVE-2024-39495 CVE-2024-39499 CVE-2024-39501 CVE-2024-39503 CVE-2024-40929 CVE-2024-39505 CVE-2024-39506 CVE-2024-39509 CVE-2024-40901 CVE-2024-40902 CVE-2024-40904 CVE-2024-40905 CVE-2024-40912 CVE-2024-40916 CVE-2024-38558 CVE-2024-38552 CVE-2024-40988 CVE-2023-32665 CVE-2023-42119 CVE-2024-39929 CVE-2023-52425 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2023-29499 CVE-2023-32611 CVE-2024-34397 CVE-2022-3559 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2023-5981 CVE-2024-0553 CVE-2024-0567 CVE-2023-42117 CVE-2021-38371 CVE-2024-28835 CVE-2024-4076 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 CVE-2023-6516 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2021-3658 CVE-2022-1304 CVE-2021-41229 CVE-2021-43400 CVE-2022-0204 CVE-2022-39176 CVE-2022-39177 CVE-2023-27349 CVE-2023-50229 CVE-2023-50230 CVE-2024-2398 CVE-2024-28834 CVE-2024-37370 CVE-2024-38549 CVE-2024-36894 CVE-2024-35247 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288 CVE-2024-36489 CVE-2024-36971 CVE-2024-33847 CVE-2024-36974 CVE-2024-36978 CVE-2024-37078 CVE-2024-37356 CVE-2024-38381 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-34027 CVE-2024-33621 CVE-2024-37371 CVE-2023-49468 CVE-2022-48624 CVE-2024-32487 CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471 CVE-2023-49465 CVE-2023-49467 CVE-2024-5564 CVE-2024-31076 CVE-2020-22218 CVE-2024-24806 CVE-2016-3709 CVE-2022-2309 CVE-2022-43945 CVE-2022-48772 CVE-2024-25741 CVE-2024-26629 CVE-2024-27019 CVE-2024-40987 CVE-2024-40990 CVE-2024-26809 CVE-2024-26665 CVE-2024-26643 CVE-2024-26644 CVE-2024-26645 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26663 CVE-2024-26664 CVE-2024-26671 CVE-2024-26641 CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26642 CVE-2024-26640 CVE-2024-26696 CVE-2024-26601 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861 CVE-2024-26581 CVE-2024-26593 CVE-2024-26600 CVE-2024-26602 CVE-2024-26636 CVE-2024-26606 CVE-2024-26610 CVE-2024-26614 CVE-2024-26615 CVE-2024-26622 CVE-2024-26625 CVE-2024-26627 CVE-2024-26635 CVE-2024-26695 CVE-2024-26697 CVE-2024-22099 CVE-2024-26787 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26781 CVE-2024-26782 CVE-2024-26788 CVE-2024-26766 CVE-2024-26790 CVE-2024-26791 CVE-2024-26793 CVE-2024-26795 CVE-2024-26801 CVE-2024-26804 CVE-2024-26805 CVE-2024-26808 CVE-2024-26771 CVE-2024-26764 CVE-2024-26698 CVE-2024-26735 CVE-2024-26702 CVE-2024-26704 CVE-2024-26707 CVE-2024-26712 CVE-2024-26720 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26763 CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754 CVE-2024-23849 CVE-2024-1151 CVE-2024-40993 CVE-2024-36950 CVE-2024-36919 CVE-2024-36929 CVE-2024-36933 CVE-2024-36934 CVE-2024-36939 CVE-2024-36940 CVE-2024-36941 CVE-2024-36946 CVE-2024-36953 CVE-2024-36905 CVE-2024-36954 CVE-2024-36957 CVE-2024-36959 CVE-2023-28746 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2024-36916 CVE-2024-36904 CVE-2023-52458 CVE-2024-26900 CVE-2024-40995 CVE-2024-41000 CVE-2024-41004 CVE-2024-41005 CVE-2024-41006 CVE-2022-48655 CVE-2023-52585 CVE-2023-52882 CVE-2024-27398 CVE-2024-36902 CVE-2024-27399 CVE-2024-27401 CVE-2024-35848 CVE-2024-35947 CVE-2024-36017 CVE-2024-36031 CVE-2024-36883 CVE-2024-36886 CVE-2024-36889 CVE-2023-52447 CVE-2023-52482 CVE-2024-0841 CVE-2023-52635 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623 CVE-2023-52627 CVE-2023-52637 CVE-2023-52614 CVE-2023-52642 CVE-2023-52644 CVE-2023-52650 CVE-2023-6270 CVE-2023-7042 CVE-2024-0340 CVE-2024-0565 CVE-2024-0607 CVE-2023-52615 CVE-2023-52607 CVE-2023-52486 CVE-2023-52587 CVE-2023-52488 CVE-2023-52489 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493 CVE-2023-52497 CVE-2023-52498 CVE-2023-52583 CVE-2023-52594 CVE-2023-52606 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 |
| CWE-ID | CWE-388 CWE-416 CWE-399 CWE-20 CWE-667 CWE-476 CWE-415 CWE-908 CWE-125 CWE-401 CWE-119 CWE-369 CWE-617 CWE-121 CWE-190 CWE-400 CWE-362 CWE-200 CWE-366 CWE-823 CWE-191 CWE-835 CWE-94 CWE-122 CWE-254 CWE-287 CWE-426 CWE-185 CWE-682 CWE-61 CWE-252 CWE-193 CWE-295 CWE-665 CWE-843 CWE-124 CWE-345 CWE-770 CWE-208 CWE-300 CWE-863 CWE-787 CWE-211 CWE-772 CWE-310 CWE-78 CWE-918 CWE-79 CWE-404 CWE-824 CWE-284 CWE-825 CWE-754 CWE-269 CWE-129 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #230 is available. Public exploit code for vulnerability #231 is available. Public exploit code for vulnerability #238 is available. Public exploit code for vulnerability #239 is available. Public exploit code for vulnerability #240 is available. Public exploit code for vulnerability #259 is available. Public exploit code for vulnerability #352 is available. Public exploit code for vulnerability #353 is available. Public exploit code for vulnerability #448 is available. Public exploit code for vulnerability #457 is available. Public exploit code for vulnerability #469 is available. Public exploit code for vulnerability #470 is available. Vulnerability #500 is being exploited in the wild. Public exploit code for vulnerability #656 is available. |
| Vulnerable software |
SmartFabric Storage Software Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 711 vulnerabilities.
1) Improper error handling
EUVDB-ID: #VU95020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41034
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU94218
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU94345
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41007
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU94508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41009
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU94843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper error handling
EUVDB-ID: #VU95022
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41022
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU95109
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU94949
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41040
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource management error
EUVDB-ID: #VU95069
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41041
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Double free
EUVDB-ID: #VU95010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41046
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU94947
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41049
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) NULL pointer dereference
EUVDB-ID: #VU94979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41055
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU94992
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU93889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU94926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41065
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU94105
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27065
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU90521
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27044
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Buffer overflow
EUVDB-ID: #VU91310
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27045
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU90519
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU90520
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27047
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU91501
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU90180
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU92029
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27053
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Reachable assertion
EUVDB-ID: #VU93039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU90453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory leak
EUVDB-ID: #VU89991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Memory leak
EUVDB-ID: #VU90451
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27077
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Memory leak
EUVDB-ID: #VU90450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Memory leak
EUVDB-ID: #VU90449
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU90191
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48666
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __scsi_remove_device() function in drivers/scsi/scsi_sysfs.c, within the scsi_alloc_sdev() function in drivers/scsi/scsi_scan.c, within the scsi_mq_setup_tags() function in drivers/scsi/scsi_lib.c, within the scsi_remove_host(), scsi_add_host_with_dma() and scsi_host_dev_release() functions in drivers/scsi/hosts.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU91236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27038
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU94983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42153
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU95090
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use of uninitialized resource
EUVDB-ID: #VU95027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42161
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Integer overflow
EUVDB-ID: #VU95037
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42223
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Buffer overflow
EUVDB-ID: #VU95078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Input validation error
EUVDB-ID: #VU95510
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU94952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42148
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Resource management error
EUVDB-ID: #VU95518
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42247
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource exhaustion
EUVDB-ID: #VU63911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3669
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU92895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL pointer dereference
EUVDB-ID: #VU79496
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31083
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU96132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52889
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper locking
EUVDB-ID: #VU92027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27397
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nft_rbtree_insert(), nft_rbtree_deactivate() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_get(), nft_pipapo_get(), nft_pipapo_insert(), pipapo_gc() and pipapo_deactivate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_key(), nft_rhash_cmp(), nft_rhash_lookup(), nft_rhash_get(), nft_rhash_update(), nft_rhash_insert() and nft_rhash_deactivate() functions in net/netfilter/nft_set_hash.c, within the nft_trans_gc_catchall_sync() and nf_tables_valid_genid() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Buffer overflow
EUVDB-ID: #VU92378
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38577
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Memory leak
EUVDB-ID: #VU94922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42152
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU94942
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU94937
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42104
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Input validation error
EUVDB-ID: #VU95106
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU94976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41077
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Memory leak
EUVDB-ID: #VU94929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Out-of-bounds read
EUVDB-ID: #VU94841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU94963
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42101
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Integer overflow
EUVDB-ID: #VU95034
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Use-after-free
EUVDB-ID: #VU94936
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42105
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU94951
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42143
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_statfs() function in fs/orangefs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Use of uninitialized resource
EUVDB-ID: #VU95024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Use-after-free
EUVDB-ID: #VU94932
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improper error handling
EUVDB-ID: #VU95015
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Input validation error
EUVDB-ID: #VU95099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Input validation error
EUVDB-ID: #VU95098
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42121
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU95097
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper error handling
EUVDB-ID: #VU95014
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42127
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU94931
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42137
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Race condition
EUVDB-ID: #VU91473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27030
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU94970
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Buffer overflow
EUVDB-ID: #VU91604
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU90199
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU90575
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU90193
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Resource management error
EUVDB-ID: #VU93200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Resource management error
EUVDB-ID: #VU92988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use of uninitialized resource
EUVDB-ID: #VU90878
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26882
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU91602
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Buffer overflow
EUVDB-ID: #VU89840
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use of uninitialized resource
EUVDB-ID: #VU90877
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26863
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Buffer overflow
EUVDB-ID: #VU91312
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper locking
EUVDB-ID: #VU91524
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Memory leak
EUVDB-ID: #VU90002
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26894
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Use-after-free
EUVDB-ID: #VU90202
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26895
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) NULL pointer dereference
EUVDB-ID: #VU90580
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Buffer overflow
EUVDB-ID: #VU92006
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26870
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Improper locking
EUVDB-ID: #VU92037
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Resource management error
EUVDB-ID: #VU93775
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26820
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Memory leak
EUVDB-ID: #VU93765
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26825
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Memory leak
EUVDB-ID: #VU90004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26833
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Resource management error
EUVDB-ID: #VU93772
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26835
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Memory leak
EUVDB-ID: #VU90471
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Buffer overflow
EUVDB-ID: #VU93404
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Race condition within a thread
EUVDB-ID: #VU91433
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26861
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Improper locking
EUVDB-ID: #VU93388
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26845
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Double free
EUVDB-ID: #VU90896
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26846
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Improper locking
EUVDB-ID: #VU91526
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26848
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_dir_iterate_block() function in fs/afs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) NULL pointer dereference
EUVDB-ID: #VU90576
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use of uninitialized resource
EUVDB-ID: #VU90876
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26857
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) NULL pointer dereference
EUVDB-ID: #VU90573
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper error handling
EUVDB-ID: #VU92944
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26906
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Race condition
EUVDB-ID: #VU91476
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26910
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the list_set_destroy() and list_set_same_set() functions in net/netfilter/ipset/ip_set_list_set.c, within the ip_set_destroy_set(), ip_set_destroy(), ip_set_swap() and ip_set_fini() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) NULL pointer dereference
EUVDB-ID: #VU90555
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Input validation error
EUVDB-ID: #VU93871
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26997
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the dwc2_cmpl_host_isoc_dma_desc() function in drivers/usb/dwc2/hcd_ddma.c in DDMA completion flow. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use-after-free
EUVDB-ID: #VU90185
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) NULL pointer dereference
EUVDB-ID: #VU90559
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26978
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max310x_i2c_slave_addr() function in drivers/tty/serial/max310x.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Out-of-bounds read
EUVDB-ID: #VU90318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26981
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) NULL pointer dereference
EUVDB-ID: #VU90557
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Buffer overflow
EUVDB-ID: #VU93305
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26988
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the setup_command_line() function in init/main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Buffer overflow
EUVDB-ID: #VU93243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26994
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Improper locking
EUVDB-ID: #VU91449
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26999
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Out-of-bounds read
EUVDB-ID: #VU91398
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26970
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq6018.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Improper locking
EUVDB-ID: #VU91450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27000
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Resource management error
EUVDB-ID: #VU92969
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27001
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Improper locking
EUVDB-ID: #VU90770
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27004
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Out-of-bounds read
EUVDB-ID: #VU91095
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27008
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Improper locking
EUVDB-ID: #VU91521
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Resource management error
EUVDB-ID: #VU93841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27024
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Improper error handling
EUVDB-ID: #VU93453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27025
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Information disclosure
EUVDB-ID: #VU91360
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26973
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Out-of-bounds read
EUVDB-ID: #VU91397
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Improper locking
EUVDB-ID: #VU90778
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26917
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Information disclosure
EUVDB-ID: #VU91358
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26935
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Buffer overflow
EUVDB-ID: #VU93805
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Input validation error
EUVDB-ID: #VU89054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Improper locking
EUVDB-ID: #VU92035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26923
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Resource management error
EUVDB-ID: #VU89055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26924
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Improper locking
EUVDB-ID: #VU92034
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26925
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU91119
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26926
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) NULL pointer dereference
EUVDB-ID: #VU90563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26931
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Reachable assertion
EUVDB-ID: #VU90909
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26937
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Out-of-bounds read
EUVDB-ID: #VU91394
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) NULL pointer dereference
EUVDB-ID: #VU91460
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26950
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Use-after-free
EUVDB-ID: #VU90187
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26951
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Improper error handling
EUVDB-ID: #VU93652
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26955
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Buffer overflow
EUVDB-ID: #VU93155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Use-after-free
EUVDB-ID: #VU91062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26957
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Race condition
EUVDB-ID: #VU91475
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26960
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Use-after-free
EUVDB-ID: #VU90186
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26961
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Input validation error
EUVDB-ID: #VU95003
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Improper locking
EUVDB-ID: #VU94986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42114
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) NULL pointer dereference
EUVDB-ID: #VU97523
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46763
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Use-after-free
EUVDB-ID: #VU97493
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Out-of-bounds read
EUVDB-ID: #VU97504
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46747
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Improper locking
EUVDB-ID: #VU97539
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) NULL pointer dereference
EUVDB-ID: #VU97525
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46755
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Integer underflow
EUVDB-ID: #VU97551
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46756
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Integer underflow
EUVDB-ID: #VU97552
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46757
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Integer underflow
EUVDB-ID: #VU97553
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46758
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Integer underflow
EUVDB-ID: #VU97554
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46759
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Memory leak
EUVDB-ID: #VU97485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46771
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Integer overflow
EUVDB-ID: #VU97550
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46777
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Buffer overflow
EUVDB-ID: #VU97564
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46780
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Use-after-free
EUVDB-ID: #VU97495
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46781
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Use-after-free
EUVDB-ID: #VU97496
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46782
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Improper error handling
EUVDB-ID: #VU97546
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Improper locking
EUVDB-ID: #VU97535
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Use-after-free
EUVDB-ID: #VU97500
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Use-after-free
EUVDB-ID: #VU97501
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Input validation error
EUVDB-ID: #VU97540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Use-after-free
EUVDB-ID: #VU97492
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46740
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Input validation error
EUVDB-ID: #VU97844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46814
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Improper error handling
EUVDB-ID: #VU97548
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Division by zero
EUVDB-ID: #VU97276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46676
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) NULL pointer dereference
EUVDB-ID: #VU97257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) NULL pointer dereference
EUVDB-ID: #VU97259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Infinite loop
EUVDB-ID: #VU97279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46689
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Improper locking
EUVDB-ID: #VU97264
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46702
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) NULL pointer dereference
EUVDB-ID: #VU97256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Improper locking
EUVDB-ID: #VU97313
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) NULL pointer dereference
EUVDB-ID: #VU97534
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46719
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) NULL pointer dereference
EUVDB-ID: #VU97528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) NULL pointer dereference
EUVDB-ID: #VU97532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Out-of-bounds read
EUVDB-ID: #VU97509
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Out-of-bounds read
EUVDB-ID: #VU97510
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Out-of-bounds read
EUVDB-ID: #VU97511
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46725
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Out-of-bounds read
EUVDB-ID: #VU97512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) NULL pointer dereference
EUVDB-ID: #VU97529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Use-after-free
EUVDB-ID: #VU97491
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Resource management error
EUVDB-ID: #VU97827
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46804
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Input validation error
EUVDB-ID: #VU97843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46815
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Use-after-free
EUVDB-ID: #VU97252
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Buffer overflow
EUVDB-ID: #VU63627
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-36690
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a segmentation fault in the sqlite3 command-line component when processing SQL queries in the idxGetTableInfo() function. A local user can pass a specially crafted SQL query and crash the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Code Injection
EUVDB-ID: #VU95339
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Information disclosure
EUVDB-ID: #VU92262
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37891
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Prox-Authorization header is not stripped during cross-origin redirects when using urllib3's proxy support with ProxyManager. A remote attacker can gain obtain proxy credentials used by the library.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) Race condition
EUVDB-ID: #VU82200
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-45145
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition between listen(2) and chmod(2) calls on startup. A local user can exploit the race and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Input validation error
EUVDB-ID: #VU75177
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-28856
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) Integer overflow
EUVDB-ID: #VU72649
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-25155
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the "SRANDMEMBER", "ZRANDMEMBER" and "HRANDFIELD" commands. A local user can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Resource exhaustion
EUVDB-ID: #VU72634
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-36021
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when matching commands (like SCAN or KEYS) with a specially crafted pattern. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Heap-based buffer overflow
EUVDB-ID: #VU78506
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-24834
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the cjson and cmsgpack libraries. A remote attacker can trick the victim into using a specially crafted Lua script to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
231) Security features bypass
EUVDB-ID: #VU85991
Risk: High
CVSSv4.0: 7.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-21626
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an internal file descriptor leak that can cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace or a malicious image to allow a container process to gain access to the host filesystem through runc run. A remote attacker can trick the victim into loading a malicious image to bypass sandbox restrictions and execute arbitrary code on the host OS.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
232) Out-of-bounds read
EUVDB-ID: #VU84985
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-7104
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sessionReadRecord() function in ext/session/sqlite3session.c when processing a corrupt changeset. A remote user can send a specially crafted request to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Resource exhaustion
EUVDB-ID: #VU88828
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-3651
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Heap-based buffer overflow
EUVDB-ID: #VU72432
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-48303
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the from_header() function in list.c when handling V7 archives. A remote attacker can trick the victim to open a specially crafted V7 archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Stack-based buffer overflow
EUVDB-ID: #VU84035
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-39804
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xattr_decoder() function in xheader.c. A remote attacker can trick the victim to open a specially crafted tar/pax archive with an overly long xattr key, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) NULL pointer dereference
EUVDB-ID: #VU96082
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-43167
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ub_ctx_set_fwd() function. A remote attacker can send specially crafted request to the server and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Heap-based buffer overflow
EUVDB-ID: #VU96490
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43168
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the cfg_mark_ports() function in config_file.c. A local user can pass a specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Input validation error
EUVDB-ID: #VU87906
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-28085
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied arguments along with setgid tty permissions within the wall command. A local user can execute arbitrary commands with escalated privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
239) Improper authentication
EUVDB-ID: #VU86768
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-52160
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the PEAP implementation. A remote attacker can bypass authentication process by sending an EAP-TLV Success packet instead of starting Phase 2.
Successful exploitation of the vulnerability requires that wpa_supplicant is configured to not verify the network's TLS certificate during Phase 1 authentication.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
240) Untrusted search path
EUVDB-ID: #VU95458
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-5290
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user in the netdev group or access to the dbus interface of wpa_supplicant can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
241) Incorrect Regular Expression
EUVDB-ID: #VU71379
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40897
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) NULL pointer dereference
EUVDB-ID: #VU87129
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Resource management error
EUVDB-ID: #VU97830
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Improper input validation
EUVDB-ID: #VU88696
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21096
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Input validation error
EUVDB-ID: #VU97842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) NULL pointer dereference
EUVDB-ID: #VU97797
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) NULL pointer dereference
EUVDB-ID: #VU97798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Out-of-bounds read
EUVDB-ID: #VU97786
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46828
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Improper locking
EUVDB-ID: #VU97803
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46829
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Improper locking
EUVDB-ID: #VU97808
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46840
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Incorrect calculation
EUVDB-ID: #VU97833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Improper input validation
EUVDB-ID: #VU82154
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-22084
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) UNIX symbolic link following
EUVDB-ID: #VU93285
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5742
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) NULL pointer dereference
EUVDB-ID: #VU83930
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-49083
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Input validation error
EUVDB-ID: #VU88144
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28182
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
256) Unchecked Return Value
EUVDB-ID: #VU85709
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-0743
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unchecked return value in TLS handshake code in NSS TLS method. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
257) Buffer overflow
EUVDB-ID: #VU93896
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6602
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in NSS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
258) Double free
EUVDB-ID: #VU94622
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-6609
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in NSS. A remote attacker can force the browser to free an elliptic curve key which was never allocated and crash the browser.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Race condition
EUVDB-ID: #VU93513
Risk: High
CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-6387
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in portable version of sshd. A remote non-authenticated attacker can send a series of requests in order to trigger a race condition and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
260) Off-by-one
EUVDB-ID: #VU83508
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-47038
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error when processing regular expressions. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) Untrusted search path
EUVDB-ID: #VU83509
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47039
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData.
The vulnerability affects Windows installations only.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) Improper Certificate Validation
EUVDB-ID: #VU96731
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-39689
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify data on the system.
The vulnerability exists due to Certifi python-certifi provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. A remote attacker can trigger the vulnerability to launch further attacks on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Error Handling
EUVDB-ID: #VU72036
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23931
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows an attacker to misuse Python API.
The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse Python API to introduce unexpected behavior into the application.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) Double free
EUVDB-ID: #VU96162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43830
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) NULL pointer dereference
EUVDB-ID: #VU96136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42308
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_plane_get_status() function in drivers/gpu/drm/amd/display/dc/core/dc_surface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
269) NULL pointer dereference
EUVDB-ID: #VU96135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Use of uninitialized resource
EUVDB-ID: #VU96172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42311
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Use-after-free
EUVDB-ID: #VU96109
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42313
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Use of uninitialized resource
EUVDB-ID: #VU96169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43828
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) NULL pointer dereference
EUVDB-ID: #VU96124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43829
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qxl_add_mode() function in drivers/gpu/drm/qxl/qxl_display.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Use-after-free
EUVDB-ID: #VU96103
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43834
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
278) Improper locking
EUVDB-ID: #VU96148
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43835
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Resource management error
EUVDB-ID: #VU96187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43841
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) Resource management error
EUVDB-ID: #VU96186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43846
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Input validation error
EUVDB-ID: #VU96200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43849
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) Memory leak
EUVDB-ID: #VU96099
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Buffer overflow
EUVDB-ID: #VU96191
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43856
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
286) Buffer overflow
EUVDB-ID: #VU96184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42306
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) NULL pointer dereference
EUVDB-ID: #VU96118
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43860
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
290) Infinite loop
EUVDB-ID: #VU95515
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
291) Buffer overflow
EUVDB-ID: #VU96008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42259
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
292) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
293) Use of uninitialized resource
EUVDB-ID: #VU96171
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42272
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the DEFINE_MUTEX() and offsetof() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
294) Input validation error
EUVDB-ID: #VU96205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42276
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
295) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
296) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
297) Memory leak
EUVDB-ID: #VU96195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42283
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
298) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
299) Use-after-free
EUVDB-ID: #VU96108
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42302
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
300) NULL pointer dereference
EUVDB-ID: #VU96141
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42286
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
301) NULL pointer dereference
EUVDB-ID: #VU96140
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42287
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
302) Buffer overflow
EUVDB-ID: #VU96177
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42288
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
303) NULL pointer dereference
EUVDB-ID: #VU96139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
304) Resource management error
EUVDB-ID: #VU96181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42290
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
305) Out-of-bounds read
EUVDB-ID: #VU96114
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42292
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
306) Improper error handling
EUVDB-ID: #VU96166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42295
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
307) Improper error handling
EUVDB-ID: #VU96165
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42297
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
308) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
309) Out-of-bounds read
EUVDB-ID: #VU96113
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
310) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
311) NULL pointer dereference
EUVDB-ID: #VU97173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
312) Improper locking
EUVDB-ID: #VU96855
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
313) Buffer overflow
EUVDB-ID: #VU96878
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
314) Resource management error
EUVDB-ID: #VU96882
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44968
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tick_broadcast_switch_to_oneshot() and hotplug_cpu__broadcast_tick_pull() functions in kernel/time/tick-broadcast.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
315) Memory leak
EUVDB-ID: #VU96832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44971
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
316) Use-after-free
EUVDB-ID: #VU96834
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
317) Use-after-free
EUVDB-ID: #VU96839
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
318) Out-of-bounds read
EUVDB-ID: #VU96845
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44988
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
319) NULL pointer dereference
EUVDB-ID: #VU96847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44989
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
320) NULL pointer dereference
EUVDB-ID: #VU96848
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44990
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
321) Use-after-free
EUVDB-ID: #VU96842
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
322) Improper locking
EUVDB-ID: #VU96859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44954
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
323) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
324) Use-after-free
EUVDB-ID: #VU96843
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
325) NULL pointer dereference
EUVDB-ID: #VU96852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
326) Buffer overflow
EUVDB-ID: #VU96883
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45008
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
327) Use-after-free
EUVDB-ID: #VU97169
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
328) Use of uninitialized resource
EUVDB-ID: #VU97182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45018
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
329) Improper Initialization
EUVDB-ID: #VU97184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
330) Incorrect calculation
EUVDB-ID: #VU97193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45025
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
331) NULL pointer dereference
EUVDB-ID: #VU96854
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
332) Improper locking
EUVDB-ID: #VU96857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44952
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
333) Integer underflow
EUVDB-ID: #VU96301
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43867
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
334) Race condition
EUVDB-ID: #VU96546
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43892
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
335) Memory leak
EUVDB-ID: #VU96287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
336) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
337) Resource management error
EUVDB-ID: #VU96305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
338) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
339) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
340) NULL pointer dereference
EUVDB-ID: #VU96538
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43884
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
341) Division by zero
EUVDB-ID: #VU96545
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43889
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
342) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
343) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
344) Input validation error
EUVDB-ID: #VU96889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
345) NULL pointer dereference
EUVDB-ID: #VU96536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43894
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
346) NULL pointer dereference
EUVDB-ID: #VU96528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
347) NULL pointer dereference
EUVDB-ID: #VU96526
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
348) NULL pointer dereference
EUVDB-ID: #VU96525
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
349) Input validation error
EUVDB-ID: #VU96542
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
350) NULL pointer dereference
EUVDB-ID: #VU96522
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
351) Type Confusion
EUVDB-ID: #VU96639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44944
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
352) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
353) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
354) NULL pointer dereference
EUVDB-ID: #VU90588
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
355) Improper locking
EUVDB-ID: #VU91318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26810
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
356) Resource exhaustion
EUVDB-ID: #VU86383
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-4408
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing DNS messages. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
357) Out-of-bounds read
EUVDB-ID: #VU93080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
358) Input validation error
EUVDB-ID: #VU92371
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
359) Use of uninitialized resource
EUVDB-ID: #VU93082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
360) Out-of-bounds read
EUVDB-ID: #VU93025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
361) Double free
EUVDB-ID: #VU93040
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
362) NULL pointer dereference
EUVDB-ID: #VU93032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38633
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
363) Improper locking
EUVDB-ID: #VU93038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
364) Out-of-bounds read
EUVDB-ID: #VU93027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
365) NULL pointer dereference
EUVDB-ID: #VU93046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
366) Improper locking
EUVDB-ID: #VU93333
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
367) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
368) Improper locking
EUVDB-ID: #VU93033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
369) Improper locking
EUVDB-ID: #VU93034
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
370) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
371) Resource management error
EUVDB-ID: #VU93178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39292
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_winch_irq() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
372) Use of uninitialized resource
EUVDB-ID: #VU93337
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
373) Out-of-bounds read
EUVDB-ID: #VU93325
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39467
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
374) Improper locking
EUVDB-ID: #VU93335
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39468
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
375) Improper error handling
EUVDB-ID: #VU93336
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39469
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
376) Input validation error
EUVDB-ID: #VU94120
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38615
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
377) Use-after-free
EUVDB-ID: #VU92314
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38612
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
378) Division by zero
EUVDB-ID: #VU93828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
379) Buffer overflow
EUVDB-ID: #VU93134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
380) Out-of-bounds read
EUVDB-ID: #VU92328
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
381) Out-of-bounds read
EUVDB-ID: #VU92327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
382) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
383) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
384) Out-of-bounds read
EUVDB-ID: #VU92322
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
385) Buffer overflow
EUVDB-ID: #VU92953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
386) Improper locking
EUVDB-ID: #VU92366
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
387) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
388) Out-of-bounds read
EUVDB-ID: #VU92321
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38587
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
389) Resource management error
EUVDB-ID: #VU93181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38607
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
390) Improper locking
EUVDB-ID: #VU92365
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
391) Resource management error
EUVDB-ID: #VU93087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38590
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
392) Race condition within a thread
EUVDB-ID: #VU92380
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
393) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
394) Out-of-bounds read
EUVDB-ID: #VU92320
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
395) Out-of-bounds read
EUVDB-ID: #VU92319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38599
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
396) Infinite loop
EUVDB-ID: #VU93063
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
397) NULL pointer dereference
EUVDB-ID: #VU93048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38605
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
398) Out-of-bounds read
EUVDB-ID: #VU93326
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39471
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
399) Improper locking
EUVDB-ID: #VU93824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39476
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
400) Use-after-free
EUVDB-ID: #VU92307
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
401) Input validation error
EUVDB-ID: #VU94318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
402) Buffer overflow
EUVDB-ID: #VU94315
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40941
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
403) Memory leak
EUVDB-ID: #VU94207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40942
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
404) Improper locking
EUVDB-ID: #VU94278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
405) NULL pointer dereference
EUVDB-ID: #VU94250
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40945
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
406) Use-after-free
EUVDB-ID: #VU94215
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
407) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
408) NULL pointer dereference
EUVDB-ID: #VU94245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
409) NULL pointer dereference
EUVDB-ID: #VU94244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40961
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
410) Input validation error
EUVDB-ID: #VU94319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
411) Memory leak
EUVDB-ID: #VU94204
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40932
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
412) Input validation error
EUVDB-ID: #VU94323
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40971
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
413) Buffer overflow
EUVDB-ID: #VU94301
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40974
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
414) Race condition
EUVDB-ID: #VU94297
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40976
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lima_sched_timedout_job() function in drivers/gpu/drm/lima/lima_sched.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
415) Resource management error
EUVDB-ID: #VU94299
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
416) Improper locking
EUVDB-ID: #VU94270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40980
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
417) Improper locking
EUVDB-ID: #VU94269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40981
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
418) Resource management error
EUVDB-ID: #VU94304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40983
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
419) NULL pointer dereference
EUVDB-ID: #VU94239
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
420) Memory leak
EUVDB-ID: #VU94205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40934
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
421) Use of uninitialized resource
EUVDB-ID: #VU94293
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40931
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
422) Buffer overflow
EUVDB-ID: #VU93827
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
423) NULL pointer dereference
EUVDB-ID: #VU94261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39502
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
424) Out-of-bounds read
EUVDB-ID: #VU93821
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39482
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
425) Memory leak
EUVDB-ID: #VU93818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39484
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
426) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
427) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
428) Memory leak
EUVDB-ID: #VU94086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39493
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
429) Use-after-free
EUVDB-ID: #VU94232
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39495
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
430) Memory leak
EUVDB-ID: #VU94201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
431) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
432) Use-after-free
EUVDB-ID: #VU94230
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39503
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
433) Out-of-bounds read
EUVDB-ID: #VU94234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
434) NULL pointer dereference
EUVDB-ID: #VU94259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39505
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
435) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
436) Resource management error
EUVDB-ID: #VU94310
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39509
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
437) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
438) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
439) Improper locking
EUVDB-ID: #VU94283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40904
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
440) NULL pointer dereference
EUVDB-ID: #VU94257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
441) Improper locking
EUVDB-ID: #VU94282
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
442) Improper locking
EUVDB-ID: #VU94281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
443) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
444) Out-of-bounds read
EUVDB-ID: #VU92330
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
445) Resource management error
EUVDB-ID: #VU94308
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40988
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
446) Resource exhaustion
EUVDB-ID: #VU77349
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32665
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
447) Out-of-bounds read
EUVDB-ID: #VU81256
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42119
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in dnsdb implementation. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
448) Input validation error
EUVDB-ID: #VU94107
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-39929
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of RFC 2231 header filename. A remote attacker can bypass a $mime_filename extension-blocking protection mechanism and deliver malicious executable files to the mailboxes.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
449) Resource exhaustion
EUVDB-ID: #VU86230
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52425
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
450) Buffer Underwrite ('Buffer Underflow')
EUVDB-ID: #VU96897
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45490
CWE-ID:
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
451) Integer overflow
EUVDB-ID: #VU96898
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45491
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
452) Integer overflow
EUVDB-ID: #VU96899
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45492
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
453) Input validation error
EUVDB-ID: #VU77351
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29499
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
454) Resource exhaustion
EUVDB-ID: #VU77350
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32611
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the g_variant_byteswap() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
455) Insufficient verification of data authenticity
EUVDB-ID: #VU89351
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34397
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
456) Use-after-free
EUVDB-ID: #VU69579
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3559
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the regex handler. A remote attacker can send specially crafted data to the mail server, trigger a use-after-free error and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
457) Buffer overflow
EUVDB-ID: #VU88822
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-2961
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
458) Stack-based buffer overflow
EUVDB-ID: #VU89712
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-33599
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
459) NULL pointer dereference
EUVDB-ID: #VU89711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
460) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU89710
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33601
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
461) Buffer overflow
EUVDB-ID: #VU89709
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33602
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
462) Information Exposure Through Timing Discrepancy
EUVDB-ID: #VU83316
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5981
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
463) Information Exposure Through Timing Discrepancy
EUVDB-ID: #VU85623
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-0553
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
Note, the vulnerability exists due to incomplete fox for #VU83316 (CVE-2023-5981).
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
464) Reachable Assertion
EUVDB-ID: #VU85624
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-0567
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when verifying a certificate chain with a cycle of cross signatures. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
465) Buffer overflow
EUVDB-ID: #VU81254
Risk: Critical
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]
CVE-ID: CVE-2023-42117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smtp service. A remote attacker can send specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
466) Man-in-the-Middle (MitM) attack
EUVDB-ID: #VU73857
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-38371
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the way Exim handles concurrent STARTTLS sessions when sending out emails. A malicious server can send a response to the *next* command within the existing STARTTLS sessions and force the Exim to treat this session as trusted.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
467) Input validation error
EUVDB-ID: #VU87672
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28835
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing the cert_list_size parameter in the gnutls_x509_trust_list_verify_crt2() function in certtool. A remote attacker can pass specially crafted PEM encoded certificate chain that contains more than 16 certificates to the certtool and crash it.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
468) Reachable assertion
EUVDB-ID: #VU94713
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-4076
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when serving both stale cache data and authoritative zone content. A remote attacker can send specially crafted queries to the DNS server to trigger an assertion failure and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
469) Resource exhaustion
EUVDB-ID: #VU86377
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50387
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
470) Resource exhaustion
EUVDB-ID: #VU86378
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50868
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
471) Reachable Assertion
EUVDB-ID: #VU86382
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5517
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when querying RFC 1918 reverse zones. A remote attacker can send a specially crafted DNS query and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
472) Reachable Assertion
EUVDB-ID: #VU86381
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5679
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion caused by a bad interaction between DNS64 and serve-stale. A remote attacker can query a DNS64-enabled resolver for domain names triggering serve-stale.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
473) Resource exhaustion
EUVDB-ID: #VU86379
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6516
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing specific recursive patterns. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack against the DNS resolver.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
474) Resource exhaustion
EUVDB-ID: #VU94709
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-0760
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion by sending a flood of DNS messages over TCP and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
475) Resource management error
EUVDB-ID: #VU94710
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1737
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
476) Resource exhaustion
EUVDB-ID: #VU94711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1975
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
477) Incorrect authorization
EUVDB-ID: #VU83408
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3658
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to bluetoothd incorrectly saves the adapters' discoverable status
when a device is powered down, and restores it when powered up. An attacker with physical proximity to device can gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
478) Out-of-bounds write
EUVDB-ID: #VU64075
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1304
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
479) Memory leak
EUVDB-ID: #VU79524
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-41229
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in sdp_cstate_alloc_buf() function. A remote attacker can send specially crafted packets to the device and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
480) Use-after-free
EUVDB-ID: #VU83407
Risk: Medium
CVSSv4.0: 3.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43400
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in gatt-database.c on a gatt server if a client disconnects while a WriteValue call is being processed with D-Bus. An attacker with physical proximity to the system can trigger a use-after-free error and potentially execute arbitrary code.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
481) Heap-based buffer overflow
EUVDB-ID: #VU66639
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0204
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker on the local network can pass specially crafted files to the affected system, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
482) Information exposure through externally-generated error message
EUVDB-ID: #VU67750
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-39176
CWE-ID:
CWE-211 - Externally-generated error message containing sensitive information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application while handling error conditions within profiles/audio/avrcp.c. A remote attacker on the local network can obtain sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
483) Input validation error
EUVDB-ID: #VU64523
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-39177
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input when handling the A2DP profile in profiles/audio/avdtp.c. A remote attacker can pass specially crafted data to the system and execute arbitrary code.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
484) Buffer overflow
EUVDB-ID: #VU75105
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27349
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
485) Heap-based buffer overflow
EUVDB-ID: #VU84605
Risk: Medium
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50229
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the Phone Book Access profile. A remote attacker on the local network can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
486) Heap-based buffer overflow
EUVDB-ID: #VU84603
Risk: Medium
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50230
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the Phone Book Access profile. A remote attacker on the local network can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
487) Missing Release of Resource after Effective Lifetime
EUVDB-ID: #VU87850
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2398
CWE-ID:
CWE-772 - Missing Release of Resource after Effective Lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
488) Cryptographic issues
EUVDB-ID: #VU87671
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28834
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
489) Input validation error
EUVDB-ID: #VU93518
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-37370
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
490) Resource management error
EUVDB-ID: #VU93390
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
491) Improper locking
EUVDB-ID: #VU90735
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36894
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
492) NULL pointer dereference
EUVDB-ID: #VU93122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35247
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
493) NULL pointer dereference
EUVDB-ID: #VU89897
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
494) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
495) Out-of-bounds write
EUVDB-ID: #VU89898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
496) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
497) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
498) Infinite loop
EUVDB-ID: #VU93062
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36288
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
499) NULL pointer dereference
EUVDB-ID: #VU93030
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36489
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
500) Use-after-free
EUVDB-ID: #VU91597
Risk: Critical
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2024-36971
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
501) Reachable assertion
EUVDB-ID: #VU93128
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33847
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the f2fs_setattr() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
502) Input validation error
EUVDB-ID: #VU93310
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
503) Out-of-bounds read
EUVDB-ID: #VU92332
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36978
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
504) Improper locking
EUVDB-ID: #VU93342
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37078
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
505) Out-of-bounds read
EUVDB-ID: #VU93024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
506) Use of uninitialized resource
EUVDB-ID: #VU93042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38381
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
507) NULL pointer dereference
EUVDB-ID: #VU92351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
508) NULL pointer dereference
EUVDB-ID: #VU92350
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38547
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
509) NULL pointer dereference
EUVDB-ID: #VU92349
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38548
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
510) Improper locking
EUVDB-ID: #VU93125
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34027
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
511) Resource management error
EUVDB-ID: #VU93043
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33621
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
512) Out-of-bounds read
EUVDB-ID: #VU93519
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-37371
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling GSS message token. A remote attacker can send specially crafted token to the application, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
513) Out-of-bounds write
EUVDB-ID: #VU89322
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-49468
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the read_coding_unit() function in slice.cc. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
514) OS Command Injection
EUVDB-ID: #VU86885
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-48624
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
515) OS Command Injection
EUVDB-ID: #VU88533
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-32487
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
516) NULL pointer dereference
EUVDB-ID: #VU89318
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-27102
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the decoder_context::process_slice_segment_header() function in decctx.cc. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
517) Heap-based buffer overflow
EUVDB-ID: #VU89319
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-27103
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the derive_collocated_motion_vectors() function in motion.cc. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
518) Buffer overflow
EUVDB-ID: #VU89314
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-43887
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the pic_parameter_set::dump() function. A remote attacker can pass specially crafted data to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
519) Buffer overflow
EUVDB-ID: #VU89315
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47471
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the slice_segment_header() function in the slice.cc. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
520) Heap-based buffer overflow
EUVDB-ID: #VU89320
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-49465
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the derive_spatial_luma_vector_prediction() function in motion.cc. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
521) Heap-based buffer overflow
EUVDB-ID: #VU89321
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-49467
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the derive_combined_bipredictive_merging_candidates() function in motion.cc. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
522) Buffer overflow
EUVDB-ID: #VU93866
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5564
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in NetworkManager. A local user can send a malformed IPv6 router advertisement packet to trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
523) Memory leak
EUVDB-ID: #VU93016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
524) Out-of-bounds write
EUVDB-ID: #VU80523
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-22218
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of an uninitialized value within the _libssh2_transport_read() function in transport.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
525) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU86707
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24806
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
526) Cross-site scripting
EUVDB-ID: #VU66123
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-3709
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
527) NULL pointer dereference
EUVDB-ID: #VU66813
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the iterwalk() function. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
528) Buffer overflow
EUVDB-ID: #VU69766
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-43945
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attacl.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
529) NULL pointer dereference
EUVDB-ID: #VU93327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
530) Resource management error
EUVDB-ID: #VU94364
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25741
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the printer_write() in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
531) Improper locking
EUVDB-ID: #VU91536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26629
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
532) Race condition within a thread
EUVDB-ID: #VU91431
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
533) Resource management error
EUVDB-ID: #VU94307
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40987
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
534) Input validation error
EUVDB-ID: #VU94325
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
535) Improper resource shutdown or release
EUVDB-ID: #VU93747
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26809
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
536) Out-of-bounds read
EUVDB-ID: #VU90336
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26665
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
537) Race condition
EUVDB-ID: #VU88135
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26643
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
538) Improper locking
EUVDB-ID: #VU91535
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
539) Incorrect calculation
EUVDB-ID: #VU93762
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26645
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
540) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
541) Race condition
EUVDB-ID: #VU88148
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26654
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
542) Buffer overflow
EUVDB-ID: #VU93244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
543) NULL pointer dereference
EUVDB-ID: #VU92073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
544) Out-of-bounds read
EUVDB-ID: #VU90335
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
545) Buffer overflow
EUVDB-ID: #VU92977
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
546) Access of Uninitialized Pointer
EUVDB-ID: #VU89396
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
547) Input validation error
EUVDB-ID: #VU94118
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
548) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
549) Improper locking
EUVDB-ID: #VU92044
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
550) Improper error handling
EUVDB-ID: #VU90952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26684
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
551) Race condition
EUVDB-ID: #VU91481
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26685
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
552) Improper locking
EUVDB-ID: #VU92043
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26687
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
553) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
554) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
555) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
556) Resource management error
EUVDB-ID: #VU89397
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
557) Improper locking
EUVDB-ID: #VU90795
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26696
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
558) Improper locking
EUVDB-ID: #VU93770
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26601
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
559) Reachable Assertion
EUVDB-ID: #VU87594
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23850
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
560) Out-of-bounds read
EUVDB-ID: #VU87595
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A remote attacker can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
561) Race condition
EUVDB-ID: #VU92719
Risk: Low
CVSSv4.0: 2.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24857
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to damange or delete data.
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
562) Race condition
EUVDB-ID: #VU92720
Risk: Low
CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24858
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
563) Race condition
EUVDB-ID: #VU91634
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24861
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
564) Input validation error
EUVDB-ID: #VU88887
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26581
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A locla user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
565) Out-of-bounds read
EUVDB-ID: #VU89250
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26593
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
566) NULL pointer dereference
EUVDB-ID: #VU89249
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
567) Resource exhaustion
EUVDB-ID: #VU87499
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26602
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
568) Input validation error
EUVDB-ID: #VU90859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
569) Resource management error
EUVDB-ID: #VU89247
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26606
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
570) Buffer overflow
EUVDB-ID: #VU89679
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
571) Resource management error
EUVDB-ID: #VU91320
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
572) NULL pointer dereference
EUVDB-ID: #VU90627
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
573) Use-after-free
EUVDB-ID: #VU87193
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26622
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tomoyo_write_control() function. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
574) Use-after-free
EUVDB-ID: #VU87344
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26625
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
575) Improper locking
EUVDB-ID: #VU88101
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26627
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
576) Use of uninitialized resource
EUVDB-ID: #VU90880
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
577) NULL pointer dereference
EUVDB-ID: #VU90604
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26695
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/crypto/ccp/sev-dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
578) Information disclosure
EUVDB-ID: #VU91365
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
579) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
580) Information disclosure
EUVDB-ID: #VU89239
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26787
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
581) Improper locking
EUVDB-ID: #VU92041
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26772
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
582) Improper locking
EUVDB-ID: #VU93787
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26773
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
583) NULL pointer dereference
EUVDB-ID: #VU90601
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hisi_sfc_v3xx_isr() function in drivers/spi/spi-hisi-sfc-v3xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
584) Division by zero
EUVDB-ID: #VU91377
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26777
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
585) Division by zero
EUVDB-ID: #VU91378
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26778
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
586) Race condition
EUVDB-ID: #VU91480
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26779
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c, within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
587) Improper locking
EUVDB-ID: #VU90785
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26781
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_get_info() function in net/mptcp/diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
588) Double free
EUVDB-ID: #VU90927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
589) Resource management error
EUVDB-ID: #VU92972
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26788
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_qdma_probe() function in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
590) Off-by-one
EUVDB-ID: #VU89678
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26766
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
591) Improper locking
EUVDB-ID: #VU90784
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26790
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the FSL_QDMA_CMD_PF BIT() and fsl_qdma_comp_fill_memcpy() functions in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
592) Out-of-bounds read
EUVDB-ID: #VU91098
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26791
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_check_replace_dev_names() and btrfs_dev_replace_by_ioctl() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
593) Use-after-free
EUVDB-ID: #VU90211
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26793
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
594) Out-of-bounds read
EUVDB-ID: #VU90329
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26795
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
595) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
596) Use-after-free
EUVDB-ID: #VU90212
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
597) Use of uninitialized resource
EUVDB-ID: #VU90879
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26805
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
598) Expired pointer dereference
EUVDB-ID: #VU93809
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
599) NULL pointer dereference
EUVDB-ID: #VU90602
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26771
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the edma_probe() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
600) Resource management error
EUVDB-ID: #VU93844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26764
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
601) Race condition
EUVDB-ID: #VU91482
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26698
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
602) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
603) Out-of-bounds read
EUVDB-ID: #VU91100
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
604) Double free
EUVDB-ID: #VU90929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
605) Resource management error
EUVDB-ID: #VU93206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26707
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
606) Buffer overflow
EUVDB-ID: #VU93400
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26712
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
607) Division by zero
EUVDB-ID: #VU91379
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
608) Improper locking
EUVDB-ID: #VU90793
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26722
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
609) Reachable assertion
EUVDB-ID: #VU90911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26727
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
610) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
611) Buffer overflow
EUVDB-ID: #VU92007
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26736
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
612) Resource management error
EUVDB-ID: #VU93859
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
613) Improper locking
EUVDB-ID: #VU92042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
614) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
615) NULL pointer dereference
EUVDB-ID: #VU90598
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26747
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
616) Use-after-free
EUVDB-ID: #VU90213
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cdns3_gadget_giveback() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
617) Use-after-free
EUVDB-ID: #VU90216
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26749
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cdns3_gadget_ep_disable() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
618) Infinite loop
EUVDB-ID: #VU93671
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26751
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
619) Incorrect calculation
EUVDB-ID: #VU89392
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26752
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
620) Stack-based buffer overflow
EUVDB-ID: #VU91300
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26753
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the virtio_crypto_dataq_akcipher_callback() and virtio_crypto_alg_akcipher_init_session() functions in drivers/crypto/virtio/virtio_crypto_akcipher_algs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
621) Use-after-free
EUVDB-ID: #VU90217
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
622) Off-by-one
EUVDB-ID: #VU86019
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23849
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
623) Stack-based buffer overflow
EUVDB-ID: #VU87165
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1151
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
624) Incorrect calculation
EUVDB-ID: #VU94311
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40993
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the MODULE_DESCRIPTION() and ip_set_create() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
625) Improper error handling
EUVDB-ID: #VU92055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
626) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
627) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
628) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
629) Out-of-bounds read
EUVDB-ID: #VU90266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
630) Improper error handling
EUVDB-ID: #VU92054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
631) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
632) NULL pointer dereference
EUVDB-ID: #VU90528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
633) Buffer overflow
EUVDB-ID: #VU93469
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
634) Improper error handling
EUVDB-ID: #VU93450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
635) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
636) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
637) Off-by-one
EUVDB-ID: #VU91171
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36957
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
638) Information disclosure
EUVDB-ID: #VU91321
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
639) Information disclosure
EUVDB-ID: #VU87457
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28746
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
640) Use-after-free
EUVDB-ID: #VU82755
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
641) Improper Check for Unusual or Exceptional Conditions
EUVDB-ID: #VU87166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52429
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
642) Buffer overflow
EUVDB-ID: #VU88283
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52434
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
643) Buffer overflow
EUVDB-ID: #VU87748
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
644) Out-of-bounds read
EUVDB-ID: #VU90273
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36916
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
645) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
646) NULL pointer dereference
EUVDB-ID: #VU90657
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
647) Memory leak
EUVDB-ID: #VU90468
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26900
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
648) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
649) Integer overflow
EUVDB-ID: #VU94295
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41000
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
650) Improper locking
EUVDB-ID: #VU94265
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41004
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
651) Improper locking
EUVDB-ID: #VU94264
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41005
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
652) Memory leak
EUVDB-ID: #VU94213
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41006
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
653) Out-of-bounds read
EUVDB-ID: #VU91400
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48655
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
654) NULL pointer dereference
EUVDB-ID: #VU91241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_query_error_status_helper() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
655) Input validation error
EUVDB-ID: #VU93673
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
656) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
657) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
658) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
659) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
660) Buffer overflow
EUVDB-ID: #VU91199
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35848
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
661) Improper error handling
EUVDB-ID: #VU93468
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
662) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
663) Input validation error
EUVDB-ID: #VU94121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
664) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
665) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
666) Use of uninitialized resource
EUVDB-ID: #VU90975
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36889
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
667) Use-after-free
EUVDB-ID: #VU87740
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in
bpf. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
668) Stack-based buffer overflow
EUVDB-ID: #VU91302
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52482
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the VULNBL_AMD() function in arch/x86/kernel/cpu/common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
669) NULL pointer dereference
EUVDB-ID: #VU89389
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
670) Improper locking
EUVDB-ID: #VU92045
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
671) Improper Initialization
EUVDB-ID: #VU91556
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52616
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
672) Resource management error
EUVDB-ID: #VU93474
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52617
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
673) Buffer overflow
EUVDB-ID: #VU93617
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52618
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
674) Buffer overflow
EUVDB-ID: #VU93668
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
675) Improper access control
EUVDB-ID: #VU89268
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
676) Buffer overflow
EUVDB-ID: #VU93471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
677) Improper locking
EUVDB-ID: #VU92046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
678) NULL pointer dereference
EUVDB-ID: #VU90612
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52627
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
679) Use-after-free
EUVDB-ID: #VU90218
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52637
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
680) Buffer overflow
EUVDB-ID: #VU91315
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
681) Improper privilege management
EUVDB-ID: #VU93736
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52642
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the lirc_dev_exit() and rc_dev_get_from_fd() functions in drivers/media/rc/lirc_dev.c, within the lirc_prog_attach(), lirc_prog_detach() and lirc_prog_query() functions in drivers/media/rc/bpf-lirc.c. A local user can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
682) Infinite loop
EUVDB-ID: #VU93068
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
683) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
684) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
685) NULL pointer dereference
EUVDB-ID: #VU85422
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
686) Improper Initialization
EUVDB-ID: #VU86579
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0340
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization within the vhost_new_msg() function in drivers/vhost/vhost.c in the Linux kernel vhost driver. A local user can run a specially crafted application to gain access to sensitive kernel information.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
687) Integer underflow
EUVDB-ID: #VU86552
Risk: High
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-0565
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow within the receive_encrypted_standard() function in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. A remote attacker can trick the victim to connect to a malicious SMB server, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
688) Resource management error
EUVDB-ID: #VU86553
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0607
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_byteorder_eval() function in the Netfilter subsystem. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
689) Improper locking
EUVDB-ID: #VU90798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
690) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
691) Improper locking
EUVDB-ID: #VU90801
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
692) Improper locking
EUVDB-ID: #VU91541
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
693) Input validation error
EUVDB-ID: #VU94144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
694) Race condition
EUVDB-ID: #VU89388
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52489
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
695) Use-after-free
EUVDB-ID: #VU90228
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
696) NULL pointer dereference
EUVDB-ID: #VU90626
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
697) Improper locking
EUVDB-ID: #VU91537
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52493
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
698) Resource exhaustion
EUVDB-ID: #VU93097
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52497
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
699) Improper locking
EUVDB-ID: #VU90800
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
700) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
701) Out-of-bounds read
EUVDB-ID: #VU90343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
702) Buffer overflow
EUVDB-ID: #VU87343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52606
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
703) Improper locking
EUVDB-ID: #VU90803
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
704) Security features bypass
EUVDB-ID: #VU92172
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
705) Resource management error
EUVDB-ID: #VU93864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
706) Buffer overflow
EUVDB-ID: #VU88105
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52599
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
707) Use-after-free
EUVDB-ID: #VU88104
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/jfs/jfs_mount.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
708) Buffer overflow
EUVDB-ID: #VU88103
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52601
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
709) Out-of-bounds read
EUVDB-ID: #VU89254
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
710) Improper validation of array index
EUVDB-ID: #VU88885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52603
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
711) Out-of-bounds read
EUVDB-ID: #VU90342
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmartFabric Storage Software: 1.4.0 - 1.4.2
CPE2.3- cpe:2.3:h:dell:smartfabric_storage_software:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:smartfabric_storage_software:1.4.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
