Risk | Low |
Patch available | YES |
Number of vulnerabilities | 35 |
CVE-ID | CVE-2024-43817 CVE-2024-45018 CVE-2024-46713 CVE-2024-47745 CVE-2024-47747 CVE-2024-47749 CVE-2024-49899 CVE-2024-49929 CVE-2024-49952 CVE-2024-50045 CVE-2024-50062 CVE-2024-50085 CVE-2024-50089 CVE-2024-50141 CVE-2024-50143 CVE-2024-50179 CVE-2024-50180 CVE-2024-50192 CVE-2024-50195 CVE-2024-50202 CVE-2024-50205 CVE-2024-50229 CVE-2024-50230 CVE-2024-50241 CVE-2024-50248 CVE-2024-50262 CVE-2024-50265 CVE-2024-50269 CVE-2024-50273 CVE-2024-50289 CVE-2024-50301 CVE-2024-53052 CVE-2024-53061 CVE-2024-53066 CVE-2016-10044 |
CWE-ID | CWE-20 CWE-908 CWE-667 CWE-416 CWE-476 CWE-119 CWE-399 CWE-191 CWE-125 CWE-401 CWE-404 CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
EUVDB-ID: #VU96160
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43817
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97182
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45018
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97313
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99229
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47745
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98888
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99225
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49899
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98957
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99151
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99038
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99039
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99443
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99849
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50089
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100077
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50141
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50143
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100154
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100137
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50180
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50192
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100150
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100130
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50202
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50205
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100183
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50229
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100188
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100197
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50241
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can execute arbitrary code.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50248
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50262
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100610
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100649
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50269
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100623
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50273
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100652
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50289
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100622
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100720
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53052
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100733
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100730
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53066
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6642
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10044
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-238.0.0.137
python3-perf: before 5.10.0-238.0.0.137
perf-debuginfo: before 5.10.0-238.0.0.137
perf: before 5.10.0-238.0.0.137
kernel-tools-devel: before 5.10.0-238.0.0.137
kernel-tools-debuginfo: before 5.10.0-238.0.0.137
kernel-tools: before 5.10.0-238.0.0.137
kernel-source: before 5.10.0-238.0.0.137
kernel-headers: before 5.10.0-238.0.0.137
kernel-devel: before 5.10.0-238.0.0.137
kernel-debugsource: before 5.10.0-238.0.0.137
kernel-debuginfo: before 5.10.0-238.0.0.137
bpftool-debuginfo: before 5.10.0-238.0.0.137
bpftool: before 5.10.0-238.0.0.137
kernel: before 5.10.0-238.0.0.137
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.