Risk | Low |
Patch available | YES |
Number of vulnerabilities | 37 |
CVE-ID | CVE-2021-47270 CVE-2021-47515 CVE-2021-47583 CVE-2021-47611 CVE-2021-47619 CVE-2022-48717 CVE-2022-48722 CVE-2022-48736 CVE-2022-48738 CVE-2022-48743 CVE-2022-48744 CVE-2022-48758 CVE-2022-48772 CVE-2023-52730 CVE-2024-23848 CVE-2024-31076 CVE-2024-35893 CVE-2024-35915 CVE-2024-36014 CVE-2024-36949 CVE-2024-37356 CVE-2024-38546 CVE-2024-38553 CVE-2024-38554 CVE-2024-38559 CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583 CVE-2024-38618 CVE-2024-38633 CVE-2024-38634 CVE-2024-38637 CVE-2024-38659 CVE-2024-38780 CVE-2024-39301 CVE-2016-5519 |
CWE-ID | CWE-476 CWE-908 CWE-20 CWE-125 CWE-401 CWE-191 CWE-119 CWE-399 CWE-200 CWE-416 CWE-667 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 37 vulnerabilities.
EUVDB-ID: #VU90484
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcm_bind() function in drivers/usb/gadget/function/f_tcm.c, within the geth_bind() function in drivers/usb/gadget/function/f_subset.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_sourcesink.c, within the gser_bind() function in drivers/usb/gadget/function/f_serial.c, within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_printer.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_loopback.c, within the eem_bind() function in drivers/usb/gadget/function/f_eem.c, within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90391
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47515
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the seg6_do_srh_encap() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92933
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47583
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93309
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47611
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48717
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92892
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92901
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48736
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92903
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48738
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92928
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92950
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91333
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52730
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91600
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93609
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90874
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89897
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93436
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92369
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92294
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38554
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92328
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92322
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92366
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92311
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92371
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38633
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93034
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93337
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1045
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5519
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain elevated orivileges on the target system.
The weakness is due to improper processing of crafted packets during the enrollment operation. Flaw in the Oracle GlassFish Server Java Server Faces component lets attacker to increase his privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.3.0.0285
python3-perf: before 4.19.90-2407.3.0.0285
python2-perf-debuginfo: before 4.19.90-2407.3.0.0285
python2-perf: before 4.19.90-2407.3.0.0285
perf-debuginfo: before 4.19.90-2407.3.0.0285
perf: before 4.19.90-2407.3.0.0285
kernel-tools-devel: before 4.19.90-2407.3.0.0285
kernel-tools-debuginfo: before 4.19.90-2407.3.0.0285
kernel-tools: before 4.19.90-2407.3.0.0285
kernel-source: before 4.19.90-2407.3.0.0285
kernel-devel: before 4.19.90-2407.3.0.0285
kernel-debugsource: before 4.19.90-2407.3.0.0285
kernel-debuginfo: before 4.19.90-2407.3.0.0285
bpftool-debuginfo: before 4.19.90-2407.3.0.0285
bpftool: before 4.19.90-2407.3.0.0285
kernel: before 4.19.90-2407.3.0.0285
CPE2.3https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1835
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.