Risk | High |
Patch available | YES |
Number of vulnerabilities | 223 |
CVE-ID | CVE-2023-1582 CVE-2022-48851 CVE-2022-48853 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48866 CVE-2023-30608 CVE-2022-48847 CVE-2023-31315 CVE-2023-37453 CVE-2023-52762 CVE-2023-52766 CVE-2023-52800 CVE-2023-52885 CVE-2023-52886 CVE-2024-1737 CVE-2024-1975 CVE-2024-4076 CVE-2024-5535 CVE-2022-48849 CVE-2022-48843 CVE-2024-7264 CVE-2022-48826 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48827 CVE-2022-48842 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2024-6345 CVE-2024-26583 CVE-2022-48812 CVE-2024-21134 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 CVE-2024-20996 CVE-2024-21125 CVE-2024-21127 CVE-2024-21129 CVE-2024-21130 CVE-2024-21142 CVE-2024-42230 CVE-2024-21162 CVE-2024-21163 CVE-2024-21171 CVE-2024-21173 CVE-2024-21177 CVE-2024-21179 CVE-2024-21185 CVE-2024-22257 CVE-2024-22262 CVE-2024-47242 CVE-2024-34750 CVE-2024-42145 CVE-2024-26584 CVE-2024-38559 CVE-2024-26800 CVE-2024-26813 CVE-2024-26814 CVE-2024-26976 CVE-2024-35878 CVE-2024-35901 CVE-2024-35905 CVE-2024-36926 CVE-2024-36974 CVE-2024-38541 CVE-2024-38555 CVE-2024-39463 CVE-2024-42093 CVE-2024-39494 CVE-2024-40902 CVE-2024-40937 CVE-2024-40954 CVE-2024-40956 CVE-2024-40989 CVE-2024-40994 CVE-2024-41011 CVE-2024-41012 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090 CVE-2022-48813 CVE-2022-48811 CVE-2022-48713 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47624 CVE-2022-0854 CVE-2022-20368 CVE-2022-48711 CVE-2022-48712 CVE-2022-48715 CVE-2021-47614 CVE-2022-48717 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 
CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2021-47615 CVE-2021-47612 CVE-2022-48732 CVE-2021-47586 CVE-2013-4235 CVE-2021-4439 CVE-2021-47534 CVE-2021-47576 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47587 CVE-2021-47611 CVE-2021-47589 CVE-2021-47592 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2022-48730 CVE-2022-48734 CVE-2022-48807 CVE-2022-48792 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48793 CVE-2022-48775 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48776 CVE-2022-48774 CVE-2022-48735 CVE-2022-48751 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48749 CVE-2022-48752 CVE-2022-48773 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48771 |
CWE-ID | CWE-362 CWE-416 CWE-401 CWE-835 CWE-125 CWE-400 CWE-264 CWE-119 CWE-399 CWE-617 CWE-476 CWE-667 CWE-388 CWE-682 CWE-191 CWE-20 CWE-190 CWE-908 CWE-94 CWE-284 CWE-918 CWE-613 CWE-415 CWE-193 CWE-367 CWE-369 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Dell EMC Storage Monitoring and Reporting (SMR) (Server applications / SCADA systems); Storage Resource Manager (Other software / Other software solutions) |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 223 vulnerabilities.
EUVDB-ID: #VU74629
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1582
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0@kroah.com/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94414
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48851
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx_complete() function in drivers/staging/gdm724x/gdm_lte.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/6dc7b87c62423bfa68139fe95e85028aab584c9a
http://git.kernel.org/stable/c/83a9c886c2b5a0d28c0b37e1736b47f38d61332a
http://git.kernel.org/stable/c/48ecdf3e29a6e514e8196691589c7dfc6c4ac169
http://git.kernel.org/stable/c/403e3afe241b62401de1f8629c9c6b9b3d69dbff
http://git.kernel.org/stable/c/6d9700b445098dbbce0caff4b8cfca214cf1e757
http://git.kernel.org/stable/c/1fb9dd3787495b4deb0efe66c58306b65691a48f
http://git.kernel.org/stable/c/d39dc79513e99147b4c158a8a9e46743e23944f5
http://git.kernel.org/stable/c/fc7f750dc9d102c1ed7bbe4591f991e770c99033
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94397
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within Documentation/DMA-attributes.txt, include/linux/dma-mapping.h and lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753
http://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534
http://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192
http://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026
http://git.kernel.org/stable/c/d4d975e7921079f877f828099bb8260af335508f
http://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63
http://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e
http://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48856
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the gfar_get_ts_info() function in drivers/net/ethernet/freescale/gianfar_ethtool.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/6263f2eb93a85ad7df504daf0c341a7fb6bbe8a6
http://git.kernel.org/stable/c/f7b3b520349193f8a82cca74daf366199e06add9
http://git.kernel.org/stable/c/21044e679ed535345042d2023f7df0ca8e897e2a
http://git.kernel.org/stable/c/f49f646f9ec296fc0afe7ae92c2bb47f23e3846c
http://git.kernel.org/stable/c/0e1b9a2078e07fb1e6e91bf8badfd89ecab1e848
http://git.kernel.org/stable/c/2ac5b58e645c66932438bb021cb5b52097ce70b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94412
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/205c4ec78e71cbf561794e6043da80e7bae6790f
http://git.kernel.org/stable/c/32e866ae5a7af590597ef4bcff8451bf96d5f980
http://git.kernel.org/stable/c/b1db33d4e54bc35d8db96ce143ea0ef92e23d58e
http://git.kernel.org/stable/c/cd2a5c0da0d1ddf11d1f84e9c9b1949f50f6e161
http://git.kernel.org/stable/c/2b1c85f56512d49e43bc53741fce2f508cd90029
http://git.kernel.org/stable/c/0e721b8f2ee5e11376dd55363f9ccb539d754b8a
http://git.kernel.org/stable/c/7194737e1be8fdc89d2a9382bd2f371f7ee2eda8
http://git.kernel.org/stable/c/f80cfe2f26581f188429c12bd937eb905ad3ac7b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94411
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_alloc_index() and cmd_ent_get() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1a4017926eeea56c7540cc41b42106746ee8a0ee
http://git.kernel.org/stable/c/f3331bc17449f15832c31823f27573f4c0e13e5f
http://git.kernel.org/stable/c/7c519f769f555ff7d9d4ccba3497bbb589df360a
http://git.kernel.org/stable/c/0401bfb27a91d7bdd74b1635c1aae57cbb128da6
http://git.kernel.org/stable/c/063bd355595428750803d8736a9bb7c8db67d42d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94395
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48859
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the prestera_switch_set_base_mac_addr() function in drivers/net/ethernet/marvell/prestera/prestera_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b7c2fd1d126329340639adfb8dd2938fe4b65df7
http://git.kernel.org/stable/c/4cc66bf17220ff9631f9fa99b02a872e0ad5a08b
http://git.kernel.org/stable/c/c9ffa3e2bc451816ce0295e40063514fabf2bd36
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94394
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48860
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the xemaclite_of_probe() function in drivers/net/ethernet/xilinx/xilinx_emaclite.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/669172ce976608b25a2f76f3c65d47f042d125c9
http://git.kernel.org/stable/c/b7220f8e9d6c6b9594ddfb3125dad938cd478b1f
http://git.kernel.org/stable/c/8609e29611befc4bfbe7a91bb50fc65ae72ff549
http://git.kernel.org/stable/c/8ee065a7a9b6a3976c16340503677efc4d8351f6
http://git.kernel.org/stable/c/979b418b96e35f07136f77962ccfaa54cf3e30e1
http://git.kernel.org/stable/c/5e7c402892e189a7bc152b125e72261154aa585d
http://git.kernel.org/stable/c/1852854ee349881efb78ccdbbb237838975902e4
http://git.kernel.org/stable/c/b19ab4b38b06aae12442b2de95ccf58b5dc53584
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94410
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vp_vdpa_remove() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4b1743bc715a3691a63ac21b349079b07bf1b19e
http://git.kernel.org/stable/c/dc54ba9932aeaaa1a21fe214af1f446593a78274
http://git.kernel.org/stable/c/eb057b44dbe35ae14527830236a92f51de8f9184
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94469
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48862
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the vhost_chr_write_iter() function in drivers/vhost/vhost.c and within the vhost_iotlb_add_range_ctx() function in drivers/vhost/iotlb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f8d88e86e90ea1002226d7ac2430152bfea003d1
http://git.kernel.org/stable/c/d9a747e6b6561280bf1791bb24c5e9e082193dad
http://git.kernel.org/stable/c/e2ae38cf3d91837a493cb2093c87700ff3cbe667
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb
http://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b
http://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f
http://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94429
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48866
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab
http://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947
http://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75412
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-30608
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
http://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
http://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
http://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94428
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48847
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the watch_queue_set_filter() function in kernel/watch_queue.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/648895da69ced90ca770fd941c3d9479a9d72c16
http://git.kernel.org/stable/c/1b09f28f70a5046acd64138075ae3f095238b045
http://git.kernel.org/stable/c/b36588ebbcef74583824c08352e75838d6fb4ff2
http://git.kernel.org/stable/c/c993ee0f9f81caf5767a50d1faeba39a0dc82af2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96619
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-31315
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper validation in a model specific register (MSR). A malicious application with ring0 access can modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80795
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37453
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_descriptors() function in drivers/usb/core/sysfs.c. An attacker with physical access to the system can attach a malicious USB device, trigger an out-of-bounds read error and crash the kernel.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0
http://lore.kernel.org/all/000000000000c0ffe505fe86c9ca@google.com/T/
http://lore.kernel.org/all/000000000000e56434059580f86e@google.com/T/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93622
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b
http://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48
http://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9
http://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90
http://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91086
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df
http://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b
http://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6
http://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65
http://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90071
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679
http://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e
http://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961
http://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8
http://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c
http://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94326
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428
http://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254
http://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b
http://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065
http://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee
http://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e
http://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f
http://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94434
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_bMaxPacketSize0(), hub_port_init(), hub_port_connect() and usb_reset_and_verify_device() functions in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/9d241c5d9a9b7ad95c90c6520272fe404d5ac88f
http://git.kernel.org/stable/c/7fe9d87996062f5eb0ca476ad0257f79bf43aaf5
http://git.kernel.org/stable/c/8186596a663506b1124bede9fde6f243ef9f37ee
http://git.kernel.org/stable/c/b4a074b1fb222164ed7d5c0b8c922dc4a0840848
http://git.kernel.org/stable/c/b9fbfb349eacc0820f91c797d7f0a3ac7a4935b5
http://git.kernel.org/stable/c/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94710
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1737
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://kb.isc.org/docs/cve-2024-1737
http://www.openwall.com/lists/oss-security/2024/07/23/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94711
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1975
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://kb.isc.org/docs/cve-2024-1975
http://www.openwall.com/lists/oss-security/2024/07/23/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94713
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-4076
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when serving both stale cache data and authoritative zone content. A remote attacker can send specially crafted queries to the DNS server to trigger an assertion failure and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://kb.isc.org/docs/cve-2024-4076
http://www.openwall.com/lists/oss-security/2024/07/23/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93424
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.openssl.org/news/secadv/20240627.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94484
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48849
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the amdgpu_display_framebuffer_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_display.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/fcd1d79aa943fff4fbaa0cce1d576995a7960699
http://git.kernel.org/stable/c/cb29021be49858059138f75d6311a7c35a9379b2
http://git.kernel.org/stable/c/e2b993302f40c4eb714ecf896dd9e1c5be7d4cd7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94436
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48843
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_connector.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779
http://git.kernel.org/stable/c/0ba557d330946c23559aaea2d51ea649fdeca98a
http://git.kernel.org/stable/c/3534c5c005ef99a1804ed50b8a72cdae254cabb5
http://git.kernel.org/stable/c/85271e92ae4f13aa679acaa6cf76b3c36bcb7bab
http://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95131
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-7264
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ASN1 parser code in the GTime2str() function. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://curl.se/docs/CVE-2024-7264.json
http://curl.se/docs/CVE-2024-7264.html
http://hackerone.com/reports/2629968
http://www.openwall.com/lists/oss-security/2024/07/31/1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94451
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vc4_dsi_host_attach() and vc4_dsi_dev_remove() functions in drivers/gpu/drm/vc4/vc4_dsi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/770d1ba9a8201ce9bee0946eb03746449b6f3b80
http://git.kernel.org/stable/c/dddd832f35096fbc5004e3a7e58fb4d2cefb8deb
http://git.kernel.org/stable/c/0a3d12ab5097b1d045e693412e6b366b7e82031b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94474
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48814
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the vsc9953_mdio_bus_alloc() and vsc9953_mdio_bus_free() functions in drivers/net/dsa/ocelot/seville_vsc9953.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1d13e7221035947c62800c9d3d99b4ed570e27e7
http://git.kernel.org/stable/c/0e816362d823cd46c666e64d8bffe329ee22f4cc
http://git.kernel.org/stable/c/bd488afc3b39e045ba71aab472233f2a78726e7b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94471
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48815
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/2770b795294ed312375c11ef1d0b810499c66b83
http://git.kernel.org/stable/c/caabb5f64f5c32fceed93356bb688ef1ec6c5783
http://git.kernel.org/stable/c/08e1a3554e99a1a5bd2835907381e2383ee85cae
http://git.kernel.org/stable/c/08f1a20822349004bb9cc1b153ecb516e9f2889d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94452
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48816
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_get_srcport() function in net/sunrpc/xprtsock.c and within the rpc_sysfs_xprt_srcaddr_show() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07
http://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94473
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ar9331_sw_mbus_init() and ar9331_sw_remove() functions in drivers/net/dsa/qca/ar9331.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/475ce5dcf2d88fd4f3c213a0ac944e3e40702970
http://git.kernel.org/stable/c/aae1c6a1d3d696fc33b609fb12fe744a556d1dc5
http://git.kernel.org/stable/c/f1842a8cb71de4d7eb75a86f76e88c7ee739218c
http://git.kernel.org/stable/c/50facd86e9fbc4b93fe02e5fe05776047f45dbfb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94461
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48818
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_mdio_register() and mv88e6xxx_mdios_unregister() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8ccebe77df6e0d88c72ba5e69cf1835927e53b6c
http://git.kernel.org/stable/c/8b626d45127d6f5ada7d815b83cfdc09e8cb1394
http://git.kernel.org/stable/c/1b451c3994a2d322f8e55032c62c8b47b7d95900
http://git.kernel.org/stable/c/f53a2ce893b2c7884ef94471f170839170a4eba0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94404
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48820
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the stm32_usbphyc_pll_enable() function in drivers/phy/st/phy-stm32-usbphyc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/94b16ca86ab688ed6fad4548f70137f93cf1f0a9
http://git.kernel.org/stable/c/0ad1a88fa3eb0ded7798f52b79bc33f75fc9a6d2
http://git.kernel.org/stable/c/cfc826c88a79e22ba5d8001556eb2c7efd8a01b6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94417
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48821
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_dmabuf_alloc() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215
http://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5
http://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d
http://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc
http://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94403
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48822
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/32048f4be071f9a6966744243f1786f45bb22dc2
http://git.kernel.org/stable/c/cfe5f6fd335d882bcc829a1c8a7d462a455c626e
http://git.kernel.org/stable/c/c9fc422c9a43e3d58d246334a71f3390401781dc
http://git.kernel.org/stable/c/0042178a69eb77a979e36a50dcce9794a3140ef8
http://git.kernel.org/stable/c/72a8aee863af099d4434314c4536d6c9a61dcf3c
http://git.kernel.org/stable/c/3e078b18753669615301d946297bafd69294ad2c
http://git.kernel.org/stable/c/ebe2b1add1055b903e2acd86b290a85297edc0b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94488
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48823
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7cc32ff0cd6c44a3c26de5faecfe8b5546198fad
http://git.kernel.org/stable/c/87f187e5265bc8e3b38faef8b9db864cdd61dde7
http://git.kernel.org/stable/c/6be8eaad75ca73131e2a697f0270dc8ee73814a8
http://git.kernel.org/stable/c/7fcbed38503bb34c6e6538b6a9482d1c6bead1e8
http://git.kernel.org/stable/c/5239ab63f17cee643bd4bf6addfedebaa7d4f41e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94445
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48824
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the myrs_cleanup() function in drivers/scsi/myrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162
http://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929
http://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19
http://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23
http://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94485
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48825
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedf_vport_create() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/aa7352aa155e19815b41f09f114fe9f110fde4d8
http://git.kernel.org/stable/c/1f53bbf27a876f7e61262bd74c18680ac11d4c31
http://git.kernel.org/stable/c/0be556512cd0dfcf5ec1a140d9f42d88221a5d4e
http://git.kernel.org/stable/c/b70a99fd13282d7885f69bf1372e28b7506a1613
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94479
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9
http://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0
http://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b
http://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94446
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48842
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_service_task() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a9bbacc53d1f5ed8febbfdf31401d20e005f49ef
http://git.kernel.org/stable/c/e1014fc5572375658fa421531cedb6e084f477dc
http://git.kernel.org/stable/c/5cb1ebdbc4342b1c2ce89516e19808d64417bdbc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94466
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/38d02ba22e43b6fc7d291cf724bc6e3b7be6626b
http://git.kernel.org/stable/c/8e0ecaf7a7e57b30284d6b3289cc436100fadc48
http://git.kernel.org/stable/c/da22ca1ad548429d7822011c54cfe210718e0aa7
http://git.kernel.org/stable/c/e6faac3f58c7c4176b66f63def17a34232a17b0e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94492
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48829
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svcxdr_decode_sattr3() function in fs/nfsd/nfs3xdr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3
http://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b
http://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0
http://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94450
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48830
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LIST_HEAD(), isotp_rcv() and isotp_init() functions in net/can/isotp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7b53d2204ce79b27a878074a77d64f40ec21dbca
http://git.kernel.org/stable/c/f90cc68f9f4b5d8585ad5d0a206a9d37ac299ef3
http://git.kernel.org/stable/c/5b068f33bc8acfcfd5ea7992a2dafb30d89bad30
http://git.kernel.org/stable/c/7c759040c1dd03954f650f147ae7175476d51314
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94402
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48831
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asymmetric_verify() function in security/integrity/digsig_asymmetric.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/0838d6d68182f0b28a5434bc6d50727c4757e35b
http://git.kernel.org/stable/c/89f586d3398f4cc0432ed870949dffb702940754
http://git.kernel.org/stable/c/926fd9f23b27ca6587492c3f58f4c7f4cd01dad5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94481
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48834
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbtmc_ioctl_request() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/700a0715854c1e79a73341724ce4f5bb01abc016
http://git.kernel.org/stable/c/10a805334a11acd547602d6c4cf540a0f6ab5c6e
http://git.kernel.org/stable/c/c69aef9db878ab277068a8cc1b4bf0cf309dc2b7
http://git.kernel.org/stable/c/5f6a2d63c68c12cf61259df7c3527a0e05dce952
http://git.kernel.org/stable/c/e9b667a82cdcfe21d590344447d65daed52b353b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94448
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48835
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpt3sas_base_sync_reply_irqs() function in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/98e7a654a5bebaf1a28e987af5e44c002544a413
http://git.kernel.org/stable/c/0cd2dd4bcf4abc812148c4943f966a3c8dccb00f
http://git.kernel.org/stable/c/3916e33b917581e2b2086e856c291cb86ea98a05
http://git.kernel.org/stable/c/69ad4ef868c1fc7609daa235dfa46d28ba7a3ba3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94447
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821
http://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6
http://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f
http://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c
http://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a
http://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31
http://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7
http://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94465
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48837
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the rndis_set_response() function in drivers/usb/gadget/function/rndis.c. A local user can execute arbitrary code.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
http://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90
http://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7
http://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e
http://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65
http://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c
http://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0
http://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94415
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48838
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_gadget_remove_driver(), udc_bind_to_driver() and dev_err() functions in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4325124dde6726267813c736fee61226f1d38f0b
http://git.kernel.org/stable/c/e2d3a7009e505e120805f449c832942660f3f7f3
http://git.kernel.org/stable/c/609a7119bffe3ddd7c93f2fa65be8917e02a0b7e
http://git.kernel.org/stable/c/2282a6eb6d4e118e294e43dcc421e0e0fe4040b5
http://git.kernel.org/stable/c/00bdd9bf1ac6d401ad926d3d8df41b9f1399f646
http://git.kernel.org/stable/c/2015c23610cd0efadaeca4d3a8d1dae9a45aa35a
http://git.kernel.org/stable/c/27d64436984fb8835a8b7e95993193cc478b162e
http://git.kernel.org/stable/c/16b1941eac2bd499f065a6739a40ce0011a3d740
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0
http://git.kernel.org/stable/c/b1e27cda1e3c12b705875bb7e247a97168580e33
http://git.kernel.org/stable/c/a33dd1e6693f80d805155b3f69c18c2f642915da
http://git.kernel.org/stable/c/268dcf1f7b3193bc446ec3d14e08a240e9561e4d
http://git.kernel.org/stable/c/70b7b3c055fd4a464da8da55ff4c1f84269f9b02
http://git.kernel.org/stable/c/a055f5f2841f7522b44a2b1eccb1951b4b03d51a
http://git.kernel.org/stable/c/ef591b35176029fdefea38e8388ffa371e18f4b2
http://git.kernel.org/stable/c/c700525fcc06b05adfea78039de02628af79e07a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94463
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48840
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the iavf_remove() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/80974bb730270199c6fcb189af04d5945b87e813
http://git.kernel.org/stable/c/4477b9a4193b35eb3a8afd2adf2d42add2f88d57
http://git.kernel.org/stable/c/b04683ff8f0823b869c219c78ba0d974bddea0b5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94435
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_update_vsi_tx_ring_stats() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff
http://git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95339
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URLs in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
http://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in the TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d
http://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01
http://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a
http://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94476
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48812
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gswip_mdio_rd(), gswip_mdio(), gswip_mdio_mask() and gswip_remove() functions in drivers/net/dsa/lantiq_gswip.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e177d2e85ebcd3008c4b2abc293f4118e04eedef
http://git.kernel.org/stable/c/b5652bc50dde7b84e93dfb25479b64b817e377c1
http://git.kernel.org/stable/c/2443ba2fe396bdde187a2fdfa6a57375643ae93c
http://git.kernel.org/stable/c/0d120dfb5d67edc5bcd1804e167dba2b30809afd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94585
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21134
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94559
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94560
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94557
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94558
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94556
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94555
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94570
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20996
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94569
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21125
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94577
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94578
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94579
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94584
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95062
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, and the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c
http://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5
http://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3
http://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94582
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21162
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94567
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94564
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21171
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94574
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21173
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94563
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21177
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94575
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94576
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21185
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://www.oracle.com/security-alerts/cpujul2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87607
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22257
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions when a "null" Authentication parameter is passed to "AuthenticatedVoter#vote". A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://spring.io/security/cve-2024-22257
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89801
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22262
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when parsing a URL with the UriComponentsBuilder component. A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.
Note: this vulnerability exists due to an incomplete fix for #VU87614 (CVE-2024-22259) and #VU86695 (CVE-2024-22243).
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://spring.io/security/cve-2024-22262
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100042
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47242
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
Description
The vulnerability allows an adjacent user to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration. An adjacent user can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93732
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34750
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling an HTTP/2 stream. A remote attacker can initiate multiple HTTP/2 connections to the server that remain open and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.90
http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.25
http://lists.apache.org/thread/hmw3txqzzbc1yp2t5cg4dsws0n92ly0f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb
http://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b
http://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f
http://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607
http://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa
http://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6
http://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4
http://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3
http://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754
http://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694
http://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95
http://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59
http://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c
http://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255
http://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613
http://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d
http://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8
http://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9
http://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90210
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe
http://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1
http://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89
http://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90588
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362
http://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086
http://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f
http://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29
http://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375
http://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a
http://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e
http://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417
http://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267
http://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d
http://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9
http://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012
http://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d
http://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5
http://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb
http://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264
http://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac
http://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff
http://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98
http://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750
http://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b
http://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90508
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b
http://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898
http://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93192
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35901
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/ca58927b00385005f488b6a9905ced7a4f719aad
http://git.kernel.org/stable/c/05cb7c41fa1a7a7b2c2a6b81bbe7c67f5c11932b
http://git.kernel.org/stable/c/c0de6ab920aafb56feab56058e46b688e694a246
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90307
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35905
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d
http://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69
http://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1
http://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69
http://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103
http://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90384
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36926
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the pci_dma_bus_setup_pSeriesLP() function in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4
http://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15
http://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155
http://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93310
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36
http://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c
http://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404
http://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2
http://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92376
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38541
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6
http://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e
http://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a
http://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3
http://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0
http://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396
http://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb
http://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7
http://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a
http://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93322
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456
http://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5
http://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4
http://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409
http://www.zerodayinitiative.com/advisories/ZDI-24-1194/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95039
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1
http://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509
http://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d
http://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0
http://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2
http://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527
http://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94223
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, and within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4
http://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c
http://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c
http://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f
http://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a
http://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0
http://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7
http://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123
http://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69
http://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f
http://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94289
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40937
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc
http://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442
http://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037
http://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50
http://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94217
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40954
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069
http://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e
http://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5
http://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9
http://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94216
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33
http://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5
http://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8
http://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd
http://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94324
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40989
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77
http://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c
http://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76
http://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94294
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e
http://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f
http://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f
http://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e
http://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28
http://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724
http://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5
http://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94672
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224
http://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335
http://git.kernel.org/stable/c/c733e24a61cbcff10f660041d6d84d32bb7e4cb4
http://git.kernel.org/stable/c/34f8efd2743f2d961e92e8e994de4c7a2f9e74a0
http://git.kernel.org/stable/c/d02d8c1dacafb28930c39e16d48e40bb6e4cbc70
http://git.kernel.org/stable/c/22999936b91ba545ce1fbbecae6895127945e91c
http://git.kernel.org/stable/c/f08956d8e0f80fd0d4ad84ec917302bb2f3a9c6a
http://git.kernel.org/stable/c/ad57dc2caf1e0a3c0a9904400fae7afbc9f74bb2
http://git.kernel.org/stable/c/0570730c16307a72f8241df12363f76600baf57d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94943
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2
http://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d
http://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702
http://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94840
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea
http://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f
http://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6
http://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46
http://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa
http://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da
http://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309
http://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94475
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the vsc9959_mdio_bus_alloc() and vsc9959_mdio_bus_free() functions in drivers/net/dsa/ocelot/felix_vsc9959.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/95e5402f9430b3c7d885dd3ec4c8c02c17936923
http://git.kernel.org/stable/c/8cda7577a0b4018572f31e0caadfabd305ea2786
http://git.kernel.org/stable/c/9db6f056efd089e80d81c774c01b639adf30c097
http://git.kernel.org/stable/c/209bdb7ec6a28c7cdf580a0a98afbc9fc3b98932
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94444
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/960dfaf3b578dd23af012590e809ae2d58ba1827
http://git.kernel.org/stable/c/e08cb9056fb2564d1f6bad789bdf79ab09bf2f81
http://git.kernel.org/stable/c/61772b0908c640d0309c40f7d41d062ca4e979fa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92920
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48713
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the pt_handle_status() function in arch/x86/events/intel/pt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/456f041e035913fcedb275aff6f8a71dfebcd394
http://git.kernel.org/stable/c/e83d941fd3445f660d2f43647c580a320cc384f6
http://git.kernel.org/stable/c/feffb6ae2c80b9a8206450cdef90f5943baced99
http://git.kernel.org/stable/c/1d9093457b243061a9bba23543c38726e864a643
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92304
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47616
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_qp_from_init() function in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/acb53e47db1fbc7cd37ab10b46388f045a76e383
http://git.kernel.org/stable/c/84b01721e8042cdd1e8ffeb648844a09cd4213e0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47617
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a
http://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d
http://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9
http://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af
http://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5
http://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92918
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47618
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1515e72aae803fc6b466adf918e71c4e4c9d5b3d
http://git.kernel.org/stable/c/ba1863be105b06e10d0e2f6b1b8a0570801cfc71
http://git.kernel.org/stable/c/8b59b0a53c840921b625378f137e88adfa87647e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92919
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/d46fa4ea9756ef6cbcf9752d0832cc66e2d7121b
http://git.kernel.org/stable/c/be6998f232b8e4ca8225029e305b8329d89bfd59
http://git.kernel.org/stable/c/768eb705e6381f0c70ca29d4e66f19790d5d19a1
http://git.kernel.org/stable/c/00eddb0e4ea115154581d1049507a996acfc2d3e
http://git.kernel.org/stable/c/4b3aa858268b7b9aeef02e5f9c4cd8f8fac101c8
http://git.kernel.org/stable/c/92947844b8beee988c0ce17082b705c2f75f0742
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92905
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47620
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_le_adv_report_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/305e92f525450f3e1b5f5c9dc7eadb152d66a082
http://git.kernel.org/stable/c/7889b38a7f21ed19314f83194622b195d328465c
http://git.kernel.org/stable/c/5a539c08d743d9910631448da78af5e961664c0e
http://git.kernel.org/stable/c/8819f93cd4a443dfe547aa622b21f723757df3fb
http://git.kernel.org/stable/c/835d3706852537bf92eb23eb8635b8dee0c0aa67
http://git.kernel.org/stable/c/83d5196b65d1b29e27d7dd16a3b9b439fb1d2dba
http://git.kernel.org/stable/c/bcea886771c3f22a590c8c8b9139a107bd7f1e1c
http://git.kernel.org/stable/c/5c968affa804ba98c3c603f37ffea6fba618025e
http://git.kernel.org/stable/c/899663be5e75dc0174dc8bda0b5e6826edf0b29a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94457
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47622
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), ufshcd_hba_capabilities(), ufshcd_wait_for_dev_cmd(), ufshcd_exec_dev_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_init() functions in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724
http://git.kernel.org/stable/c/d69d98d8edf90e25e4e09930dd36dd6d09dd6768
http://git.kernel.org/stable/c/945c3cca05d78351bba29fa65d93834cb7934c7b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94401
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47624
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the rpc_sysfs_xprt_state_change() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4b22aa42bd4d2d630ef1854c139275c3532937cb
http://git.kernel.org/stable/c/5f6024c05a2c0fdd180b29395aaf686d25af3a0f
http://git.kernel.org/stable/c/776d794f28c95051bc70405a7b1fa40115658a18
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63427
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67473
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in the Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://source.android.com/security/bulletin/pixel/2022-08-01
http://android.googlesource.com/kernel/common/+/a0046956bf6fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92925
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c, within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/175db196e45d6f0e6047eccd09c8ba55465eb131
http://git.kernel.org/stable/c/fde4ddeadd099bf9fbb9ccbee8e1b5c20d530a2d
http://git.kernel.org/stable/c/f1af11edd08dd8376f7a84487cbb0ea8203e3a1d
http://git.kernel.org/stable/c/d692e3406e052dbf9f6d9da0cba36cb763272529
http://git.kernel.org/stable/c/3c7e5943553594f68bbc070683db6bb6f6e9e78e
http://git.kernel.org/stable/c/1f1788616157b0222b0c2153828b475d95e374a7
http://git.kernel.org/stable/c/59ff7514f8c56f166aadca49bcecfa028e0ad50f
http://git.kernel.org/stable/c/9aa422ad326634b76309e8ff342c246800621216
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92926
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48712
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_fc_record_modified_inode(), ext4_fc_replay_inode(), ext4_fc_replay_add_range(), ext4_ext_replay_shrink_inode() and ext4_fc_replay_del_range() functions in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19
http://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802
http://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc
http://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93180
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48715
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3a345198a7c2d1db2526dc60b77052f75de019d3
http://git.kernel.org/stable/c/471085571f926a1fe6b1bed095638994dbf23990
http://git.kernel.org/stable/c/003bcee66a8f0e76157eb3af369c173151901d97
http://git.kernel.org/stable/c/53e4f71763c61a557283eb43301efd671922d1e8
http://git.kernel.org/stable/c/ec4334152dae175dbd8fd5bde1d2139bbe7b42d0
http://git.kernel.org/stable/c/2f5a1ac68bdf2899ce822ab845081922ea8c588e
http://git.kernel.org/stable/c/2d24336c7214b281b51860e54783dfc65f1248df
http://git.kernel.org/stable/c/936bd03405fc83ba039d42bc93ffd4b88418f1d3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92993
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47614
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the add_pble_prm() function in drivers/infiniband/hw/irdma/pble.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/11eebcf63e98fcf047a876a51d76afdabc3b8b9b
http://git.kernel.org/stable/c/1e11a39a82e95ce86f849f40dda0d9c0498cebd9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92907
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48717
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e
http://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc
http://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921
http://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c
http://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6
http://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92891
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48720
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the macsec_common_dellink() and macsec_dellink() functions in drivers/net/macsec.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/2e7f5b6ee1a7a2c628253a95b0a95b582901ef1b
http://git.kernel.org/stable/c/e7a0b3a0806dae3cc81931f0e83055ca2ac6f455
http://git.kernel.org/stable/c/8299be160aad8548071d080518712dec0df92bd5
http://git.kernel.org/stable/c/9cef24c8b76c1f6effe499d2f131807c90f7ce9a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92924
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48721
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_stat_fallback(), smc_switch_to_fallback() and smc_clcsock_data_ready() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/0ef6049f664941bc0f75828b3a61877635048b27
http://git.kernel.org/stable/c/504078fbe9dd570d685361b57784a6050bc40aaa
http://git.kernel.org/stable/c/341adeec9adad0874f29a0a1af35638207352a39
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851
http://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a
http://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08
http://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56
http://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a
http://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc
http://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92893
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48723
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the uniphier_spi_probe() function in drivers/spi/spi-uniphier.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e895e067d73e154b1ebc84a124e00831e311d9b0
http://git.kernel.org/stable/c/dd00b4f8f768d81c3788a8ac88fdb3d745e55ea3
http://git.kernel.org/stable/c/447c3d4046d7b54052d07d8b27e15e6edea5662c
http://git.kernel.org/stable/c/37c2c83ca4f1ef4b6908181ac98e18360af89b42
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48724
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the intel_setup_irq_remapping() function in drivers/iommu/intel_irq_remapping.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d
http://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9
http://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1
http://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4
http://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d
http://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd
http://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92881
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48725
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the siw_create_qp() function in drivers/infiniband/sw/siw/siw_verbs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/2989ba9532babac66e79997ccff73c015b69700c
http://git.kernel.org/stable/c/fa3b844a50845c817660146c27c0fc29b08d3116
http://git.kernel.org/stable/c/a75badebfdc0b3823054bedf112edb54d6357c75
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92894
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48726
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ucma_alloc_ctx(), ucma_cleanup_multicast(), ucma_process_join(), mutex_unlock() and ucma_leave_multicast() functions in drivers/infiniband/core/ucma.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/75c610212b9f1756b9384911d3a2c347eee8031c
http://git.kernel.org/stable/c/2923948ffe0835f7114e948b35bcc42bc9b3baa1
http://git.kernel.org/stable/c/ee2477e8ccd3d978eeac0dc5a981b286d9bb7b0a
http://git.kernel.org/stable/c/36e8169ec973359f671f9ec7213547059cae972e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92939
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48727
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within arch/arm64/kvm/hyp/include/hyp/switch.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e1e852746997500f1873f60b954da5f02cc2dba3
http://git.kernel.org/stable/c/57e2986c3b25092691a6e3d6ee9168caf8978932
http://git.kernel.org/stable/c/1c71dbc8a179d99dd9bb7e7fc1888db613cf85de
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92908
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48728
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190
http://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53
http://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b
http://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92958
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48729
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the hfi1_ipoib_txreq_init() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1530d84fba1e459ba55f46aa42649b88773210e7
http://git.kernel.org/stable/c/8c83d39cc730378bbac64d67a551897b203a606e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92357
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_dereg_mr(), mlx5_ib_alloc_pi_mr() and __mlx5_ib_alloc_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701
http://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9
http://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92339
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47612
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34
http://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c
http://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c
http://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3
http://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112
http://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181
http://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d
http://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e2032a82203
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48732
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad
http://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
http://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882
http://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c
http://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73
http://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06
http://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369
http://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92315
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47586
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rk_gmac_setup() function in drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/0b4a5d1e15ce72f69be48f38dc0401dab890ae0f
http://git.kernel.org/stable/c/0546b224cc7717cc8a2db076b0bb069a9c430794
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59131
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4235
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
Description
The vulnerability allows a local user to delete or modify arbitrary files on the system.
The vulnerability exists due to a race condition in shadow-utils when executing usermod/userdel operations. A local user with write access to the directory that is being moved or deleted by the usermod/userdel commands can modify or delete arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to corrupt arbitrary files on the system and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://access.redhat.com/security/cve/cve-2013-4235
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
http://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
http://security-tracker.debian.org/tracker/CVE-2013-4235
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92900
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4439
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036
http://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a
http://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75
http://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a
http://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54
http://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594
http://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff
http://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47534
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124
http://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92299
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9
http://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf
http://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e
http://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d
http://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6
http://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac
http://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92340
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47578
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the resp_verify() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26
http://git.kernel.org/stable/c/47d11d35203b0aa13533634e270fe2c3610e531b
http://git.kernel.org/stable/c/3344b58b53a76199dae48faa396e9fc37bf86992
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47580
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346
http://git.kernel.org/stable/c/3085147645938eb41f0bc0e25ef9791e71f5ee4b
http://git.kernel.org/stable/c/36e07d7ede88a1f1ef8f0f209af5b7612324ac2c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93277
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/403716741c6c2c510dce44e88f085a740f535de6
http://git.kernel.org/stable/c/ae8709b296d80c7f45aa1f35c0e7659ad69edce1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92933
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47583
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4b2d9600b31f9ba7adbc9f3c54a068615d27b390
http://git.kernel.org/stable/c/96f182c9f48b984447741f054ec301fdc8517035
http://git.kernel.org/stable/c/b99bdf127af91d53919e96292c05f737c45ea59a
http://git.kernel.org/stable/c/8c6fdf62bfe1bc72bfceeaf832ef7499c7ed09ba
http://git.kernel.org/stable/c/44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47584
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ioc_timer_fn() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519
http://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472
http://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92290
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47585
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/005d9292b5b2e71a009f911bd85d755009b37242
http://git.kernel.org/stable/c/493ff661d434d6bdf02e3a21adae04d7a0b4265d
http://git.kernel.org/stable/c/f35838a6930296fc1988764cfa54cb3f705c0665
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92353
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8ed2f5d08d6e59f8c78b2869bfb95d0be32c094c
http://git.kernel.org/stable/c/de57f62f76450b934de8203711bdc4f7953c3421
http://git.kernel.org/stable/c/f3fde37d3f0d429f0fcce214cb52588a9e21260e
http://git.kernel.org/stable/c/595a684fa6f23b21958379a18cfa83862c73c2e1
http://git.kernel.org/stable/c/c675256a7f131f5ba3f331efb715e8f31ea0e392
http://git.kernel.org/stable/c/6e1011cd183faae8daff275c72444edcdfe0d473
http://git.kernel.org/stable/c/eb4687c7442942e115420a30185f8d83faf37696
http://git.kernel.org/stable/c/8b8e6e782456f1ce02a7ae914bbd5b1053f0b034
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47611
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/03029bb044ccee60adbc93e70713f3ae58abc3a1
http://git.kernel.org/stable/c/a19cf6844b509d44ecbd536f33d314d91ecdd2b5
http://git.kernel.org/stable/c/7fd214fc7f2ee3a89f91e717e3cfad55f5a27045
http://git.kernel.org/stable/c/c62b16f98688ae7bc0ab23a6490481f4ce9b3a49
http://git.kernel.org/stable/c/768c0b19b50665e337c96858aa2b7928d6dcf756
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92300
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47589
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb
http://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
http://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
http://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
http://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
http://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
http://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
http://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92334
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47592
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tc_setup_cls_u32(), tc_init(), tc_del_flow() and tc_add_vlan_flow() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/97cb5c82aa1dd85a39b1bd021c8b5f18af623779
http://git.kernel.org/stable/c/aeb7c75cb77478fdbf821628e9c95c4baa9adc63
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92301
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47596
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hclgevf_send_mbx_msg() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542
http://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0
http://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92934
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47597
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7b5596e531253ce84213d9daa7120b71c9d83198
http://git.kernel.org/stable/c/3a4f6dba1eb98101abc012ef968a8b10dac1ce50
http://git.kernel.org/stable/c/e5d28205bf1de7082d904ed277ceb2db2879e302
http://git.kernel.org/stable/c/71ddeac8cd1d217744a0e060ff520e147c9328d1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92302
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cake_init() function in net/sched/sch_cake.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4e388232e630ebe4f94b4a0715ec98c0e2b314a3
http://git.kernel.org/stable/c/0d80462fbdcafd536dcad7569e65d3d14a7e9f2f
http://git.kernel.org/stable/c/20ad1ef02f9ad5e1dda9eeb113e4c158b4806986
http://git.kernel.org/stable/c/f6deae2e2d83bd267e1986f5d71d8c458e18fd99
http://git.kernel.org/stable/c/ab443c53916730862cec202078d36fd4008bea79
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92303
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6
http://git.kernel.org/stable/c/66ea642af6fd4eacb5d0271a922130fcf8700424
http://git.kernel.org/stable/c/b03abd0aa09c05099f537cb05b8460c4298f0861
http://git.kernel.org/stable/c/293f957be5e39720778fb1851ced7f5fba6d51c3
http://git.kernel.org/stable/c/501ecd90efdc9b2edc6c28852ecd098a4adf8f00
http://git.kernel.org/stable/c/0e21e6cd5eebfc929ac5fa3b97ca2d4ace3cb6a3
http://git.kernel.org/stable/c/607beb420b3fe23b948a9bf447d993521a02fbbb
http://git.kernel.org/stable/c/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47601
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the copy_ta_binary() function in drivers/tee/amdtee/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/640e28d618e82be78fb43b4bf5113bc90d6aa442
http://git.kernel.org/stable/c/832f3655c6138c23576ed268e31cc76e0f05f2b1
http://git.kernel.org/stable/c/9d7482771fac8d8e38e763263f2ca0ca12dd22c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682
http://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b
http://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f
http://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9
http://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92355
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47603
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kauditd_send_queue() and audit_net_init() functions in kernel/audit.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/75fdb751f84727d614deea0571a1490c3225d83a
http://git.kernel.org/stable/c/8389f50ceb854cb437fefb9330d5024ed3c7c1f5
http://git.kernel.org/stable/c/0d3277eabd542fb662be23696e5ec9f390d688e1
http://git.kernel.org/stable/c/4cc6badff97f74d0fce65f9784b5df3b64e4250b
http://git.kernel.org/stable/c/a5f4d17daf2e6cd7c1d9676b476147f6b4ac53f2
http://git.kernel.org/stable/c/f4b3ee3c85551d2d343a3ba159304066523f730f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92291
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47607
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f87a6c160ecc8c7b417d25f508d3f076fe346136
http://git.kernel.org/stable/c/a82fe085f344ef20b452cd5f481010ff96b5c4cd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92292
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47608
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/423628125a484538111c2c6d9bb1588eb086053b
http://git.kernel.org/stable/c/7d3baf0afa3aa9102d6a521a8e4c41888bb79882
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93303
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47609
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538
http://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672
http://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb
http://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719
http://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d
http://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e
http://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92882
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48730
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the dma_heap_ioctl() function in drivers/dma-buf/dma-heap.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a
http://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e
http://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed
http://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92922
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48734
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_quota_disable() and qgroup_rescan_init() functions in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/26b3901d20bf9da2c6a00cb1fb48932166f80a45
http://git.kernel.org/stable/c/32747e01436aac8ef93fe85b5b523b4f3b52f040
http://git.kernel.org/stable/c/89d4cca583fc9594ee7d1a0bc986886d6fb587e6
http://git.kernel.org/stable/c/31198e58c09e21d4f65c49d2361f76b87aca4c3f
http://git.kernel.org/stable/c/e804861bd4e69cc5fe1053eedcb024982dde8e48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94433
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48807
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ice_lag_unlink() and ice_lag_event_handler() functions in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469
http://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46
http://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94420
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpi_ssp_completion() and mpi_sata_completion() functions in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184
http://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2
http://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171
http://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94459
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48777
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the parse_qcomsmem_part() function in drivers/mtd/parsers/qcomsmempart.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/eb03cb6e03ffd9173e18e5fe87e4e3ce83820453
http://git.kernel.org/stable/c/a2995fe23095ceda2dc382fbe057f5e164595548
http://git.kernel.org/stable/c/65d003cca335cabc0160d3cd7daa689eaa9dd3cd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94407
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48778
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the gpmi_nfc_exec_op() and pm_runtime_mark_last_busy() functions in drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/4cd3281a910a5adf73b2a0a82241dd67844d0b25
http://git.kernel.org/stable/c/a4eeeaca50199e3f19eb13ac3b7e0bbb93e22de4
http://git.kernel.org/stable/c/4a7ec50298b1127c5024a750c969ea0794899545
http://git.kernel.org/stable/c/58d3111eafce9e4398654b07f0b1dac27f26ee5b
http://git.kernel.org/stable/c/9161f365c91614e5a3f5c6dcc44c3b1b33bc59c0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94470
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48780
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the smc_fback_error_report() and smc_switch_to_fallback() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6
http://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842
http://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94426
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48783
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gswip_remove() function in drivers/net/dsa/lantiq_gswip.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f48bd34137718042872d06f2c7332b3267a29165
http://git.kernel.org/stable/c/df2495f329b08ac0d0d3e6334a01955ae839005e
http://git.kernel.org/stable/c/c61f599b8d33adfa256126a6695c734c0de331cb
http://git.kernel.org/stable/c/8c6ae46150a453f8ae9a6cd49b45f354f478587d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94449
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48784
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_event_work() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb
http://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2
http://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94455
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48786
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc
http://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608
http://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549
http://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7
http://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44
http://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94
http://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8
http://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94425
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48787
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_req_fw_callback() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d
http://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb
http://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957
http://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063
http://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515
http://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d
http://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94424
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9
http://git.kernel.org/stable/c/d411b2a5da68b8a130c23097014434ac140a2ace
http://git.kernel.org/stable/c/324f5bdc52ecb6a6dadb31a62823ef8c709d1439
http://git.kernel.org/stable/c/646952b2210f19e584d2bf9eb5d092abdca2fcc1
http://git.kernel.org/stable/c/ea86027ac467a055849c4945906f799e7f65ab99
http://git.kernel.org/stable/c/b6bb1722f34bbdbabed27acdceaf585d300c5fd2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94423
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/61a26ffd5ad3ece456d74c4c79f7b5e3f440a141
http://git.kernel.org/stable/c/e192184cf8bce8dd55d619f5611a2eaba996fa05
http://git.kernel.org/stable/c/5e42fca37ccc76f39f73732661bd47254cad5982
http://git.kernel.org/stable/c/bb0d8fb35c4ff00a503c2c4dca4cce8d102a21c4
http://git.kernel.org/stable/c/ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94422
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a25e460fbb0340488d119fb2e28fe3f829b7417e
http://git.kernel.org/stable/c/70356b756a58704e5c8818cb09da5854af87e765
http://git.kernel.org/stable/c/0ead57ceb21bbf15963b4874c2ac67143455382f
http://git.kernel.org/stable/c/e043fb5a0336ee74614e26f0d9f36f1f5bb6d606
http://git.kernel.org/stable/c/9e956a2596ae276124ef0d96829c013dd0faf861
http://git.kernel.org/stable/c/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94421
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819
http://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366
http://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61
http://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94441
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48793
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the svm_set_nested_state() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6
http://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe
http://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/417947891bd5ae327f15efed1a0da2b12ef24962
http://git.kernel.org/stable/c/fe595759c2a4a5bb41c438474f15947d8ae32f5c
http://git.kernel.org/stable/c/91d8866ca55232d21995a3d54fac96de33c9e20c
http://git.kernel.org/stable/c/c377e2ba78d3fe9a1f0b4ec424e75f81da7e81e9
http://git.kernel.org/stable/c/92e25b637cd4e010f776c86e4810300e773eac5c
http://git.kernel.org/stable/c/8bc69f86328e87a0ffa79438430cc82f3aa6a194
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94406
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions:
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/d2a1eaf51b7d4412319adb6acef114ba472d1692
http://git.kernel.org/stable/c/af649e5c95f56df64363bc46f6746b87819f9c0d
http://git.kernel.org/stable/c/6312f6a53fd3ea38125dcaca5e3c9aa7d8a60cf7
http://git.kernel.org/stable/c/455ef08d6e5473526fa6763f75a93f7198206966
http://git.kernel.org/stable/c/0fd484644c68897c490a3307bfcc8bf767df5a43
http://git.kernel.org/stable/c/23b2a25382400168427ea278f3d8bf4ecfd333bf
http://git.kernel.org/stable/c/1c72f04d52b7200bb83426a9bed378668271ea4a
http://git.kernel.org/stable/c/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94419
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dev_iommu_get() function in drivers/iommu/iommu.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/cb86e511e78e796de6947b8f3acca1b7c76fb2ff
http://git.kernel.org/stable/c/65ab30f6a6952fa9ee13009862736cf8d110e6e5
http://git.kernel.org/stable/c/f74fc4b5bd533ea3d30ce47cccb8ef8d21fda85a
http://git.kernel.org/stable/c/b54240ad494300ff0994c4539a531727874381f4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94477
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48797
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the change_pte_range() function in mm/mprotect.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/254090925e16abd914c87b4ad1b489440d89c4c3
http://git.kernel.org/stable/c/b3dc4b9d3ca68b370c4aeab5355007eedf948849
http://git.kernel.org/stable/c/d187eeb02d18446e5e54ed6bcbf8b47e6551daea
http://git.kernel.org/stable/c/80d47f5de5e311cbc0d01ebb6ee684e8f4c196c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94490
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48798
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_subchannel_chp_event() function in drivers/s390/cio/device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab
http://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd
http://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94478
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() and perf_cgroup_switch() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186
http://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727
http://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45
http://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8
http://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a
http://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81
http://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94454
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48800
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reclaim_throttle() function in mm/vmscan.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3980cff6349687f73d5109f156f23cb261c24164
http://git.kernel.org/stable/c/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94416
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iio_device_buffer_getfd() function in drivers/iio/industrialio-buffer.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b7f54894aa7517d2b6c797a499b9f491e9db9083
http://git.kernel.org/stable/c/202071d2518537866d291aa7cf26af54e674f4d4
http://git.kernel.org/stable/c/c72ea20503610a4a7ba26c769357d31602769c01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94460
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48802
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smaps_page_accumulate(), smaps_account(), smaps_pte_entry(), smaps_pmd_entry(), pte_to_pagemap_entry() and pagemap_pmd_range() functions in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/db3f3636e4aed2cba3e4e7897a053323f7a62249
http://git.kernel.org/stable/c/a8dd0cfa37792863b6c4bf9542975212a6715d49
http://git.kernel.org/stable/c/05d3f8045efa59457b323caf00bdb9273b7962fa
http://git.kernel.org/stable/c/24d7275ce2791829953ed4e72f68277ceb2571c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94430
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48803
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in drivers/phy/ti/phy-j721e-wiz.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f
http://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54
http://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed
http://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94431
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
http://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
http://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
http://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
http://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
http://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
http://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
http://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94432
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382
http://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740
http://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930
http://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d
http://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d
http://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb
http://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274
http://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94467
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48806
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ee1004_eeprom_read() function in drivers/misc/eeprom/ee1004.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49
http://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345
http://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c
http://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce
http://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94491
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48776
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the parse_qcomsmem_cleanup() function in drivers/mtd/parsers/qcomsmempart.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345
http://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24
http://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94409
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48774
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the pt_core_init() function in drivers/dma/ptdma/ptdma-dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/3e41445287afa3cf6d572778e5aab31d25e60a8d
http://git.kernel.org/stable/c/d7de1e4820c5a42441ff7276174c8c0e63575c1b
http://git.kernel.org/stable/c/3c62fd3406e0b2277c76a6984d3979c7f3f1d129
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92896
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_hda_gen_spec_free() and create_mute_led_cdev() functions in sound/pci/hda/hda_generic.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a7de1002135cf94367748ffc695a29812d7633b5
http://git.kernel.org/stable/c/0e629052f013eeb61494d4df2f1f647c2a9aef47
http://git.kernel.org/stable/c/813e9f3e06d22e29872d4fd51b54992d89cf66c8
http://git.kernel.org/stable/c/549f8ffc7b2f7561bea7f90930b6c5104318e87b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92914
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48751
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
http://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
http://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92901
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48736
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/17e16a66b4f9a310713d8599e6e1ca4a0c9fd28c
http://git.kernel.org/stable/c/54abca038e287d3746dd40016514670a7f654c5c
http://git.kernel.org/stable/c/7659f25a80e6affb784b690df8994b79b4212fd4
http://git.kernel.org/stable/c/fd9a23319f16e7031f0d8c98eed6e093c2927229
http://git.kernel.org/stable/c/6877f87579ed830f9ff6d478539074f035d04bfb
http://git.kernel.org/stable/c/b0a7836ecf1345814a7d8ef748fb797c520dad18
http://git.kernel.org/stable/c/e09cf398e8c6db69c620b6d8073abc4377a07af5
http://git.kernel.org/stable/c/4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92902
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48737
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0
http://git.kernel.org/stable/c/4977491e4b3aad8567f57e2a9992d251410c1db3
http://git.kernel.org/stable/c/9a12fcbf3c622f9bf6b110a873d62b0cba93972e
http://git.kernel.org/stable/c/c33402b056de61104b6146dedbe138ca8d7ec62b
http://git.kernel.org/stable/c/038f8b7caa74d29e020949a43ca368c93f6b29b9
http://git.kernel.org/stable/c/e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13
http://git.kernel.org/stable/c/ef6cd9eeb38062a145802b7b56be7ae1090e165e
http://git.kernel.org/stable/c/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92903
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48738
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d
http://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7
http://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf
http://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7
http://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a
http://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830
http://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d
http://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92904
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48739
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in include/uapi/sound/asound.h and sound/soc/codecs/hdmi-codec.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/10007bd96b6c4c3cfaea9e76c311b06a07a5e260
http://git.kernel.org/stable/c/1552e66be325a21d7eff49f46013fb402165a0ac
http://git.kernel.org/stable/c/06feec6005c9d9500cd286ec440aabf8b2ddd94d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92909
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cond_list_destroy() and cond_read_list() functions in security/selinux/ss/conditional.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/f446089a268c8fc6908488e991d28a9b936293db
http://git.kernel.org/stable/c/70caa32e6d81f45f0702070c0e4dfe945e92fbd7
http://git.kernel.org/stable/c/7ed9cbf7ac0d4ed86b356e1b944304ae9ee450d4
http://git.kernel.org/stable/c/186edf7e368c40d06cf727a1ad14698ea67b74ad
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92928
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/9924c80bd484340191e586110ca22bff23a49f2e
http://git.kernel.org/stable/c/617f9934bb37993b9813832516f318ba874bcb7d
http://git.kernel.org/stable/c/34aeb4da20f93ac80a6291a2dbe7b9c6460e9b26
http://git.kernel.org/stable/c/9892742f035f7aa7dcd2bb0750effa486db89576
http://git.kernel.org/stable/c/4d3fcfe8464838b3920bc2b939d888e0b792934e
http://git.kernel.org/stable/c/db6fd92316a254be2097556f01bccecf560e53ce
http://git.kernel.org/stable/c/e8f73f620fee5f52653ed2da360121e4446575c5
http://git.kernel.org/stable/c/5aac9108a180fc06e28d4e7fb00247ce603b72ee
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92950
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8fbdf8c8b8ab82beab882175157650452c46493e
http://git.kernel.org/stable/c/ad5185735f7dab342fdd0dd41044da4c9ccfef67
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92930
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48745
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the mlx5_stop_sync_reset_poll() function in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e
http://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c
http://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2
http://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92911
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48746
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_rep_bond_unslave(), mlx5e_rep_changelowerstate_event(), mlx5e_rep_changeupper_event() and mlx5e_rep_esw_bond_netevent() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4
http://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3
http://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb
http://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92932
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48747
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bio_truncate() function in block/bio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae
http://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b
http://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8
http://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82
http://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_setup_dspp_pcc() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c
http://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298
http://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476
http://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92959
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48752
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the power_pmu_disable() function in arch/powerpc/perf/core-book3s.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/55402a4618721f350a9ab660bb42717d8aa18e7c
http://git.kernel.org/stable/c/28aaed966e76807a71de79dd40a8eee9042374dd
http://git.kernel.org/stable/c/fa4ad064a6bd49208221df5e62adf27b426d1720
http://git.kernel.org/stable/c/fb6433b48a178d4672cb26632454ee0b21056eaa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94439
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48773
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rpcrdma_ep_create() function in net/sunrpc/xprtrdma/verbs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0
http://git.kernel.org/stable/c/9921c866dc369577c3ebb9adf2383b01b58c18de
http://git.kernel.org/stable/c/2526d4d8b209dc5ac1fbeb468149774888b2a141
http://git.kernel.org/stable/c/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92898
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/67d271760b037ce0806d687ee6057edc8afd4205
http://git.kernel.org/stable/c/f39027cbada43b33566c312e6be3db654ca3ad17
http://git.kernel.org/stable/c/bd024e36f68174b1793906c39ca16cee0c9295c2
http://git.kernel.org/stable/c/aefaccd19379d6c4620269a162bfb88ff687f289
http://git.kernel.org/stable/c/cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852af
http://git.kernel.org/stable/c/cbda1b16687580d5beee38273f6241ae3725960c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92915
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/6d9f8ba28f3747ca0f910a363e46f1114856dbbe
http://git.kernel.org/stable/c/ca63eeb70fcb53c42e1fe54e1735a54d8e7759fd
http://git.kernel.org/stable/c/581317b1f001b7509041544d7019b75571daa100
http://git.kernel.org/stable/c/79c0b5287ded74f4eacde4dfd8aa0a76cbd853b5
http://git.kernel.org/stable/c/56480fb10b976581a363fd168dc2e4fbee87a1a7
http://git.kernel.org/stable/c/2b7e7df1eacd280e561ede3e977853606871c951
http://git.kernel.org/stable/c/5e761a2287234bc402ba7ef07129f5103bcd775c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/2a12fe8248a38437b95b942bbe85aced72e6e2eb
http://git.kernel.org/stable/c/262550f29c750f7876b6ed1244281e72b64ebffb
http://git.kernel.org/stable/c/c93a290c862ccfa404e42d7420565730d67cbff9
http://git.kernel.org/stable/c/de6336b17a1376db1c0f7a528cce8783db0881c0
http://git.kernel.org/stable/c/bf2bd892a0cb14dd2d21f2c658f4b747813be311
http://git.kernel.org/stable/c/00849de10f798a9538242824a51b1756e7110754
http://git.kernel.org/stable/c/b11e34f7bab21df36f02a5e54fb69e858c09a65d
http://git.kernel.org/stable/c/ace7b6ef41251c5fe47f629a9a922382fb7b0a6b
http://git.kernel.org/stable/c/847f9ea4c5186fdb7b84297e3eeed9e340e83fce
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92931
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48759
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
http://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
http://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
http://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
http://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
http://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
http://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48760
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427
http://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0
http://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3
http://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b
http://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6
http://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193
http://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26
http://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0
http://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92979
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48761
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xhci_plat_suspend() function in drivers/usb/host/xhci-plat.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/20c51a4c52208f98e27308c456a1951778f41fa5
http://git.kernel.org/stable/c/d5755832a1e47f5d8773f0776e211ecd4e02da72
http://git.kernel.org/stable/c/8b05ad29acb972850ad795fa850e814b2e758b83
http://git.kernel.org/stable/c/9df478463d9feb90dae24f183383961cf123a0ec
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92887
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48763
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_vcpu_ioctl_x86_set_vcpu_events() function in arch/x86/kvm/x86.c, within the nested_vmx_hardware_setup() function in arch/x86/kvm/vmx/nested.c, within the svm_set_efer() function in arch/x86/kvm/svm/svm.c, within the svm_free_nested() and svm_set_nested_state() functions in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f
http://git.kernel.org/stable/c/e302786233e6bc512986d007c96458ccf5ca21c7
http://git.kernel.org/stable/c/b4c0d89c92e957ecccce12e66b63875d0cc7af7e
http://git.kernel.org/stable/c/f7e570780efc5cec9b2ed1e0472a7da14e864fdb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93276
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48765
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/54b3439c8e70e0bcfea59aeef9dd98908cbbf655
http://git.kernel.org/stable/c/ce55f63f6cea4cab8ae9212f73285648a5baa30d
http://git.kernel.org/stable/c/35fe7cfbab2e81f1afb23fc4212210b1de6d9633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92889
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48767
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the restore_deleg_ino() function in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e7be12ca7d3947765b0d7c1c7e0537e748da993a
http://git.kernel.org/stable/c/36d433ae3242aa714176378850e6d1a5a3e78f18
http://git.kernel.org/stable/c/a0c22e970cd78b81c94691e6cb09713e8074d580
http://git.kernel.org/stable/c/932a9b5870d38b87ba0a9923c804b1af7d3605b9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92890
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48768
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the trace_action_create() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8
http://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7
http://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175
http://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf
http://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93248
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48769
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/b0f1cc093bc2493ac259c53766fd2b800e085807
http://git.kernel.org/stable/c/3df52448978802ae15dcebf66beba1029df957b4
http://git.kernel.org/stable/c/a4085859411c825c321c9b55b8a9dc5a128a6684
http://git.kernel.org/stable/c/f5390cd0b43c2e54c7cf5506c7da4a37c5cef746
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92899
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48771
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell EMC Storage Monitoring and Reporting (SMR): before 5.0.2.0
Storage Resource Manager: before 5.0.2.0
CPE2.3
http://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516
http://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d
http://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82
http://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414
http://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c
http://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565
http://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.