Risk | Low |
Patch available | YES |
Number of vulnerabilities | 22 |
CVE-ID | CVE-2023-52441 CVE-2023-52486 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52498 CVE-2023-52503 CVE-2023-52504 CVE-2023-52524 CVE-2023-52567 CVE-2023-52574 CVE-2023-52607 CVE-2023-52608 CVE-2023-52617 CVE-2023-7042 CVE-2024-24861 CVE-2024-26608 CVE-2024-26615 CVE-2024-26654 CVE-2024-26656 CVE-2024-26696 |
CWE-ID | CWE-125 CWE-667 CWE-416 CWE-476 CWE-119 CWE-399 CWE-362 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system kernel-tools Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
EUVDB-ID: #VU91105
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52441
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the init_smb1_server() function in fs/ksmbd/smb_common.c, within the handle_ksmbd_work() and queue_ksmbd_work() functions in fs/ksmbd/server.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90801
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90228
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90626
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91537
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52493
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91209
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52494
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mhi_del_ring_element() function in drivers/bus/mhi/host/main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90800
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90234
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52503
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the destroy_session(), amdtee_open_session() and amdtee_close_session() functions in drivers/tee/amdtee/core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90347
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52504
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_alternatives() function in arch/x86/kernel/alternative.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52524
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfc_llcp_register_device() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90636
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52567
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the serial8250_handle_irq() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89390
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92973
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52608
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the shmem_poll_done() function in drivers/firmware/arm_scmi/shmem.c, within the rx_callback() function in drivers/firmware/arm_scmi/mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93474
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52617
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85422
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91634
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24861
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90341
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_unsupported_event() and handle_generic_event() functions in fs/ksmbd/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90627
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88148
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26654
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90795
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26696
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-tools: before 5.10.0-153.52.0.130
kernel-debuginfo: before 5.10.0-153.52.0.130
kernel-tools-devel: before 5.10.0-153.52.0.130
kernel-tools-debuginfo: before 5.10.0-153.52.0.130
kernel-debugsource: before 5.10.0-153.52.0.130
perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf-debuginfo: before 5.10.0-153.52.0.130
python3-perf: before 5.10.0-153.52.0.130
kernel-devel: before 5.10.0-153.52.0.130
perf: before 5.10.0-153.52.0.130
kernel-headers: before 5.10.0-153.52.0.130
kernel-source: before 5.10.0-153.52.0.130
kernel: before 5.10.0-153.52.0.130
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1500
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.