Risk | Low |
Patch available | YES |
Number of vulnerabilities | 25 |
CVE-ID | CVE-2021-47070 CVE-2021-47101 CVE-2023-52464 CVE-2023-52475 CVE-2023-52500 CVE-2023-52507 CVE-2023-52510 CVE-2023-52515 CVE-2023-52516 CVE-2023-52522 CVE-2023-52530 CVE-2023-52560 CVE-2023-52561 CVE-2023-52566 CVE-2023-52568 CVE-2023-52573 CVE-2023-52578 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52622 CVE-2024-26601 |
CWE-ID | CWE-401 CWE-908 CWE-787 CWE-416 CWE-125 CWE-667 CWE-399 CWE-388 CWE-476 CWE-362 CWE-254 CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
EUVDB-ID: #VU90028
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90882
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52464
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90247
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52475
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the powermate_disconnect() function in drivers/input/misc/powermate.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91657
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52500
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90350
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52507
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90235
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52510
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90236
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52515
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90804
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52516
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __dma_entry_alloc(), __dma_entry_alloc_check_leak() and dma_entry_alloc() functions in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89387
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52522
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90237
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52530
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c, within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52560
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the damon_do_test_apply_three_regions() function in mm/damon/vaddr-test.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90957
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52561
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/boot/dts/qcom/sdm845-db845c.dts. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90238
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52566
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90637
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52568
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sgx_encl_eldu(), __sgx_encl_load_page() and sgx_encl_eaug_page() functions in arch/x86/kernel/cpu/sgx/encl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52573
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rds_rdma_cm_event_handler_cmn() function in net/rds/rdma_transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89384
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52578
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90802
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91541
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90803
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92172
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93770
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26601
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP2
kernel-devel: before 5.10.0-153.51.0.129
kernel-debugsource: before 5.10.0-153.51.0.129
python3-perf: before 5.10.0-153.51.0.129
perf-debuginfo: before 5.10.0-153.51.0.129
kernel-tools-devel: before 5.10.0-153.51.0.129
kernel-debuginfo: before 5.10.0-153.51.0.129
python3-perf-debuginfo: before 5.10.0-153.51.0.129
kernel-source: before 5.10.0-153.51.0.129
kernel-headers: before 5.10.0-153.51.0.129
perf: before 5.10.0-153.51.0.129
kernel-tools: before 5.10.0-153.51.0.129
kernel-tools-debuginfo: before 5.10.0-153.51.0.129
kernel: before 5.10.0-153.51.0.129
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1487
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.